Loki secret take control on secret I've provided

After installing Hashicorp vault on our cluster with vault secrets operator, it’s time to add keep S3 credentials on secret.
I’ve added a secret into the cluster, but moment after helm install the secret get a new owner and it’s looks like this now:

  - apiVersion: secrets.hashicorp.com/v1beta1
    kind: VaultStaticSecret
    name: vault-kv-app
    uid: d39043fa-560b-40b7-8ce2-2c353f00232a
  - apiVersion: monitoring.grafana.com/v1alpha1
    blockOwnerDeletion: true
    kind: GrafanaAgent
    name: loki
    uid: eda13595-bb61-496d-94d1-883bb772068c

From the vault side I get error that this owner isn’t authorized and now it can’t be changed from the vault, which make it static.
few questions.

  1. Why GrafanaAgent take control?
  2. How I can avoid this?
  3. Any good practice to use Hashicorp vault with Loki?