General Azure Key Vault integration questions

Hello im following this documentation to integrate with AZure KV ,

Is not clear under configuration part do we need new app registration, or we use the same one where we have Orchestrator installed .

And the second part where Manage > Certificates & Secrets > New client secret
it shroud be stored in the KV right?