Clarify docs for CSI provider secretArgs (#12570)

website/content/docs/platform/k8s/csi/configurations.mdx

@@ -75,6 +75,15 @@ The following parameters are supported by the Vault provider:
   - `method` `(string: "GET")` - The type of HTTP request. Supported values include "GET" and "PUT".
 
   - `secretPath` `(string: "")` - The path in Vault where the secret is located.
+    For secrets that are retrieved via HTTP GET method, the `secretPath` can include optional URI parameters,
+    for example, the [version of the KV2 secret](https://www.vaultproject.io/api/secret/kv/kv-v2#read-secret-version):
+
+    ```yaml
+    objects: |
+      - objectName: "app-secret"
+        secretPath: "secret/data/test?version=1"
+        secretKey: "password"
+    ```
 
   - `secretKey` `(string: "")` - The key in the Vault secret to extract. If omitted, the whole response from Vault will be written as JSON.
 
@@ -86,3 +95,7 @@ The following parameters are supported by the Vault provider:
       common_name: 'test.example.com'
       ttl: '24h'
     ```
+
+    ~> `secretArgs` are sent as part of the HTTP request body. Therefore, they are only effective for HTTP PUT/POST requests, for instance,
+        the [request used to generate a new certificate](https://www.vaultproject.io/api/secret/pki#generate-certificate).
+        To supply additional parameters for secrets retrieved via HTTP GET, include optional URI paramters in [`secretPath`](#secretpath).