diff --git a/cmd/sentry/main.go b/cmd/sentry/main.go
index 3bc06c9c5ec..29b5c8a7892 100644
--- a/cmd/sentry/main.go
+++ b/cmd/sentry/main.go
@@ -128,13 +128,18 @@ func main() {
 }
 // Watch for changes in the watchDir
- err = mngr.Add(func(ctx context.Context) error {
- log.Infof("Starting watch on filesystem directory: %s", watchDir)
- return fswatcher.Watch(ctx, watchDir, issuerEvent)
+ fs, err := fswatcher.New(fswatcher.Options{
+ Targets: []string{watchDir},
 })
 if err != nil {
 log.Fatal(err)
 }
+ if err = mngr.Add(func(ctx context.Context) error {
+ log.Infof("Starting watch on filesystem directory: %s", watchDir)
+ return fs.Run(ctx, issuerEvent)
+ }); err != nil {
+ log.Fatal(err)
+ }
 // Healthz server
 err = mngr.Add(func(ctx context.Context) error {
diff --git a/go.mod b/go.mod
index 8aee45226cf..cefb1994b73 100644
--- a/go.mod
+++ b/go.mod
@@ -11,8 +11,8 @@ require (
 github.com/argoproj/argo-rollouts v1.4.1
 github.com/cenkalti/backoff/v4 v4.2.1
 github.com/cloudevents/sdk-go/v2 v2.14.0
- github.com/dapr/components-contrib v1.12.1-0.20231129042434-36a055ebd8d7
- github.com/dapr/kit v0.12.2-0.20231031211530-0e1fd37fc4b3
+ github.com/dapr/components-contrib v1.12.1-0.20231204210358-79adc565c17a
+ github.com/dapr/kit v0.12.2-0.20231116003620-df64d3a144b3
 github.com/evanphx/json-patch/v5 v5.7.0
 github.com/go-chi/chi/v5 v5.0.10
 github.com/go-chi/cors v1.2.1
diff --git a/go.sum b/go.sum
index 7d6438456e7..f2032efc4ac 100644
--- a/go.sum
+++ b/go.sum
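Review bot: In the cmd/sentry/main.go hunk, both `log.Fatal(err)` calls print only the raw error, so when sentry exits at startup the log does not say whether building the watcher or registering it with the manager failed, or which directory was involved. Since this watcher is what notices changes in `watchDir`, name the step and the path, e.g. `log.Fatalf("failed to create filesystem watcher for %s: %v", watchDir, err)` after `fswatcher.New`, with a matching message on the `mngr.Add` branch. `main` starts and ends outside this hunk.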
@@ -405,10 +405,10 @@ github.com/dancannon/gorethink v4.0.0+incompatible h1:KFV7Gha3AuqT+gr0B/eKvGhbjm
 github.com/dancannon/gorethink v4.0.0+incompatible/go.mod h1:BLvkat9KmZc1efyYwhz3WnybhRZtgF1K929FD8z1avU=
 github.com/danieljoos/wincred v1.1.2 h1:QLdCxFs1/Yl4zduvBdcHB8goaYk9RARS2SgLLRuAyr0=
 github.com/danieljoos/wincred v1.1.2/go.mod h1:GijpziifJoIBfYh+S7BbkdUTU4LfM+QnGqR5Vl2tAx0=
-github.com/dapr/components-contrib v1.12.1-0.20231129042434-36a055ebd8d7 h1:f0n7cuFO2OTdeLwNDsdNs7eLwfIuhKCXi/Aeh/IbYXA=
-github.com/dapr/components-contrib v1.12.1-0.20231129042434-36a055ebd8d7/go.mod h1:s4vy1EFMh/9xMoeD0FvIH2D1LI3BHutzRwT1yKxGD+c=
-github.com/dapr/kit v0.12.2-0.20231031211530-0e1fd37fc4b3 h1:xsmVK3YOKRMOcaxqo50Ce0apQzq+LzAfWuFapQuu8Ro=
-github.com/dapr/kit v0.12.2-0.20231031211530-0e1fd37fc4b3/go.mod h1:c3Z78F+h7UYtb0LmpzJNC/ChT240ycDJFViRUztdpoo=
+github.com/dapr/components-contrib v1.12.1-0.20231204210358-79adc565c17a h1:4QIQrWZwcRQR11oUTcoLddxd85xdKG9+/0xpmGCDw1Y=
+github.com/dapr/components-contrib v1.12.1-0.20231204210358-79adc565c17a/go.mod h1:s4vy1EFMh/9xMoeD0FvIH2D1LI3BHutzRwT1yKxGD+c=
+github.com/dapr/kit v0.12.2-0.20231116003620-df64d3a144b3 h1:fqyFPfsGznKYlqR6jWHd9ZxcedgohkOY2IkLLO4h9pk=
+github.com/dapr/kit v0.12.2-0.20231116003620-df64d3a144b3/go.mod h1:c3Z78F+h7UYtb0LmpzJNC/ChT240ycDJFViRUztdpoo=
 github.com/dave/jennifer v1.4.0/go.mod h1:fIb+770HOpJ2fmN9EPPKOqm1vMGhB+TwXKMZhrIygKg=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
diff --git a/pkg/security/security.go b/pkg/security/security.go
index 3a860a2d2b7..95ff6b48c2e 100644
--- a/pkg/security/security.go
+++ b/pkg/security/security.go
@@ -121,6 +121,10 @@ type provider struct {
 running atomic.Bool
 readyCh chan struct{}
 trustAnchorsFile string
+
+ // fswatcherInterval is the interval at which the trust anchors file changes
+ // are batched. Used for testing only, and 500ms otherwise.
+ fswatcherInterval time.Duration
 }
 // security implements the Security interface.
@@ -165,8 +169,9 @@ func New(ctx context.Context, opts Options) (Provider, error) {
 }
 return &provider{
- readyCh: make(chan struct{}),
- trustAnchorsFile: opts.TrustAnchorsFile,
+ fswatcherInterval: time.Millisecond * 500,
+ readyCh: make(chan struct{}),
+ trustAnchorsFile: opts.TrustAnchorsFile,
 sec: &security{
 source: source,
 mtls: opts.MTLSEnabled,
@@ -208,10 +213,18 @@ func (p *provider) Run(ctx context.Context) error {
 if len(p.trustAnchorsFile) > 0 {
 caEvent := make(chan struct{})
+ fs, err := fswatcher.New(fswatcher.Options{
+ Targets: []string{filepath.Dir(p.trustAnchorsFile)},
+ Interval: &p.fswatcherInterval,
+ })
+ if err != nil {
+ return err
+ }
+
 err = mngr.Add(
 func(ctx context.Context) error {
 log.Infof("Watching trust anchors file '%s' for changes", p.trustAnchorsFile)
- return fswatcher.Watch(ctx, filepath.Dir(p.trustAnchorsFile), caEvent)
+ return fs.Run(ctx, caEvent)
 },
 func(ctx context.Context) error {
 for {
diff --git a/pkg/security/security_test.go b/pkg/security/security_test.go
index c223ea7870f..1316486c71c 100644
--- a/pkg/security/security_test.go
+++ b/pkg/security/security_test.go
@@ -101,6 +101,9 @@ func Test_Start(t *testing.T) {
 })
 require.NoError(t, err)
+ // Override the default of 500ms to 0 to speed up the test.
+ p.(*provider).fswatcherInterval = 0
+
 ctx, cancel := context.WithCancel(context.Background())
 providerStopped := make(chan struct{})
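Review bot: The default batching interval is written twice in pkg/security/security.go, once as the literal `time.Millisecond * 500` in the `New` hunk and once as prose in the `fswatcherInterval` field comment, so the two can drift apart. A named constant such as `const defaultFSWatcherInterval = 500 * time.Millisecond` used in `New` would keep them in step. The field comment would also read more clearly as `// fswatcherInterval is the interval over which trust anchors file changes are batched. New sets it to 500ms; only tests change it.`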
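Review bot: In the `Run` hunk of pkg/security/security.go, `fs, err := fswatcher.New(...)` sits inside the `if len(p.trustAnchorsFile) > 0` block, so `:=` declares a new `err` that shadows the outer one which the unchanged `err = mngr.Add(` line previously assigned to. The check on that result is outside the hunk; if it happens after the block closes, a failure to register the trust anchors watcher would now be dropped silently and the provider would keep running without reloading trust anchors. Giving the new error its own name avoids the question: `fs, werr := fswatcher.New(fswatcher.Options{` with `if werr != nil { return werr }`. Wrapping the returned error with the trust anchors path would also help whoever reads the failure.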