diff --git a/README.md b/README.md
index d0ed7c6..66b33bd 100644
--- a/README.md
+++ b/README.md
@@ -127,3 +127,14 @@ $ vault-openvpn --auto-revoke --ovpn-key secret/ovpn --pki-mountpoint luzifer_io
 # for the client config
 $ vault-openvpn --auto-revoke --ovpn-key secret/ovpn --pki-mountpoint luzifer_io client workwork01.openvpn.luzifer.io
 ```
+
+Pay attention when using a **Vault KV v2 backend**: You need to specify the path slighty different and use `vault-openvpn` v1.9.0 and above.
+
+```console
+$ openvpn --genkey --secret openvpn.key
+$ vault kv put secret/vault-openvpn/ovpn key=@openvpn.key
+
+$ vault-openvpn --auto-revoke --ovpn-key secret/data/vault-openvpn/ovpn --pki-mountpoint luzifer_io client workwork01.openvpn.luzifer.io
+```
+
+Mind the additional `/data` added inside the key directly after the mount. This is required due to the differences in API methods between the KV v1 and v2 backends.
diff --git a/cmd/helpers.go b/cmd/helpers.go
index 54964f0..8f75af4 100644
--- a/cmd/helpers.go
+++ b/cmd/helpers.go
@@ -13,10 +13,11 @@ import (
 	"text/template"
 	"time"
 
-	dhparam "github.com/Luzifer/go-dhparam"
 	"github.com/hashicorp/vault/api"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/viper"
+
+	dhparam "github.com/Luzifer/go-dhparam"
 )
 
 func fetchCertificateBySerial(serial string) (*x509.Certificate, bool, bool, error) {
@@ -53,7 +54,12 @@ func fetchOVPNKey() (string, error) {
 		return "", errors.New("Got no data from backend")
 	}
 
-	key, ok := secret.Data["key"]
+	dmap := secret.Data
+	if mapv2, ok := secret.Data["data"]; ok {
+		dmap = mapv2.(map[string]interface{})
+	}
+
+	key, ok := dmap["key"]
 	if !ok {
 		return "", errors.New("Within specified secret no entry named 'key' was found")
 	}
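Review bot: The single-value type assertion `mapv2.(map[string]interface{})` in the second helpers.go hunk panics whenever the secret has a `data` entry that is not a map, which is exactly what a KV v2 read of a deleted or destroyed version returns (`data` is null) and what a KV v1 secret with a field literally named `data` would produce; the rest of fetchOVPNKey already reports malformed secrets as errors, so this path should too. Use the two-value form and return an error in the same style as the surrounding `errors.New` calls, as in the excerpt below. Because the KV v2 detection is keyed on the presence of a `data` field rather than on the mount's backend type, a KV v1 secret containing a `data` map would also be silently reinterpreted; that is probably acceptable for this tool, but a short comment on the `if` stating the heuristic (`// KV v2 wraps the fields under "data"; KV v1 returns them at top level`) would make the assumption visible. fetchOVPNKey begins and ends outside the hunk.

```go
	dmap := secret.Data
	// KV v2 wraps the fields under "data"; KV v1 returns them at top level
	if raw, ok := secret.Data["data"]; ok {
		mapv2, ok := raw.(map[string]interface{})
		if !ok {
			return "", errors.New("Entry 'data' in specified secret is not a map")
		}
		dmap = mapv2
	}
	// … unchanged: lookup of "key" in dmap …
```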