We're trying to use Azure Key Vault provider for Secrets Store CSI Driver in Kubernetes, which basically mounts the TLS certificates from a KeyVault into the filesystem, e.g. as /etc/tls-certificates/example.com.crt. The CSI Driver automatically updates the file when the entry in the KeyVault changes, but Caddy is not reloading the changes.

Would it make sense to change Caddy to use something like https://github.com/fsnotify/fsnotify to automatically reload TLS files when they change? If not, would it be possible to implement this as a plugin?

Related:

• Reload TLS certificates from disk via API #4005
• Caddy reload --force won't recache certificates #6789
• https://caddy.community/t/force-reload-certificates/27545