Tips for interested people
If your VPN configuration is active/active your two tunnels have the same route priority, which is 1000 by default (you can see it in your BGP session). To change the pre-shared key without cause network interruption, change the route priority of one tunnel with a lower value than the other tunnel to be in active/passive configuration. The tunnel with the lowest route priority will become passive so you can delete it and recreate it with a new PSK. During this time, the active tunnel will still running so you won’t have interruption.
Tested and approved in production 