At this time, the vault contents are not distributed automatically. I had a chat with the AS7 architects at the time of the vault and the distribution of vault automatically across a domain was not accepted.
The idea is that within a domain, the vault has to be copied over by the administrator to each machine to bring in the homegeneous nature.
If the vault exists when a node comes up, it does read the vault state.
I understand about what you are asking - to refresh the vault on a running instance.
It would be a very useful feature.
Generally I'm trying to find/recongise a way for using the vault in a domain environment with multiple hosts, server groups using different profiles and belonging to different owners/tenants.
Should they all use the same keystore?
What if the tenants want to use different keystores/vault?
Wouldn't it be better to place the vault to profile of a certain tenant? I think yes, because at the moment all profile depend on a single server/host vault.
And many other questions regarding vault - domain - profile(s) - server group(s).