The deployment not only applies software updates via the manifest, it also deploys configuration changes. For plain text properties, updating the environment variables will trigger Kubernetes to automatically restart the container and hence, reload the configuration.
Secrets however are stored in a different way, and when they change Kubernetes does not know to restart the containers using this value, therefore
so from the configuration example the REGISTRY_KEY is a secret, but the REGISTRY_KEY_SHA is plain text
target=PLANB_DEV
aks_work_space=aks_dev
name_space=openshift-dev
REGISTRY_KEY=S3cretPassw0d
REGISTRY_KEY_SHA=9DC6A1DD986364D2A2574F607D9E23085846AE4052E7D460C5FB617E9CAFB6E4
So if only the secret changes, the SHA also changes, and as a result, the container is automatically restarted. An additional benefit of this approach is that when diagnosing an issue, the SHA can be used as an indicative secret verification.