diff --git a/data.tf b/data.tf
index 034901a..14ebd90 100644
--- a/data.tf
+++ b/data.tf
@@ -1,8 +1,10 @@
 # Get DNS provider secrets from Vault
-data "vault_generic_secret" "dns" {
- path = "secret/dns"
+data "vault_kv_secret_v2" "dns" {
+ mount = "secret"
+ name = "dns"
 }
 
-data "vault_generic_secret" "renovate" {
- path = "secret/renovate"
+data "vault_kv_secret_v2" "renovate" {
+ mount = "secret"
+ name = "renovate"
 }
diff --git a/main.tf b/main.tf
index 684ff6d..e00b9fd 100644
--- a/main.tf
+++ b/main.tf
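Review bot: The two `vault_kv_secret_v2` blocks in data.tf have no comment saying that `mount = "secret"` must be a KV version 2 engine, and the existing header comment names only DNS although the second block reads the Renovate credentials. This data source reads through the versioned API, so the Vault policy for the Terraform token presumably needs read on `secret/data/dns` and `secret/data/renovate`; that is worth stating beside the blocks. I would add `# KV v2 mount "secret"; values read here are stored in the Terraform state, so keep the state backend encrypted and access-restricted` above the first block and `# Renovate platform credentials (KV v2)` above the second.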
@@ -32,16 +32,16 @@ resource "docker_container" "renovate" {
 # Environment variables for Renovate
 env = concat(
 [
- "RENOVATE_PLATFORM=${data.vault_generic_secret.renovate.data["renovate_platform"]}",
- "RENOVATE_ENDPOINT=${data.vault_generic_secret.renovate.data["renovate_endpoint"]}",
- "RENOVATE_TOKEN=${data.vault_generic_secret.renovate.data["renovate_token"]}",
- "RENOVATE_GIT_AUTHOR=${data.vault_generic_secret.renovate.data["renovate_git_author"]}",
- "RENOVATE_USERNAME=${data.vault_generic_secret.renovate.data["renovate_username"]}",
+ "RENOVATE_PLATFORM=${data.vault_kv_secret_v2.renovate.data["renovate_platform"]}",
+ "RENOVATE_ENDPOINT=${data.vault_kv_secret_v2.renovate.data["renovate_endpoint"]}",
+ "RENOVATE_TOKEN=${data.vault_kv_secret_v2.renovate.data["renovate_token"]}",
+ "RENOVATE_GIT_AUTHOR=${data.vault_kv_secret_v2.renovate.data["renovate_git_author"]}",
+ "RENOVATE_USERNAME=${data.vault_kv_secret_v2.renovate.data["renovate_username"]}",
 "RENOVATE_AUTODISCOVER=${var.renovate_autodiscover}",
 "LOG_LEVEL=${var.log_level}"
 ],
 # GitHub token: prefer Vault, fall back to variable
- coalesce(try(data.vault_generic_secret.renovate.data["github_token"], ""), var.github_com_token) != "" ? ["GITHUB_COM_TOKEN=${coalesce(try(data.vault_generic_secret.renovate.data["github_token"], ""), var.github_com_token)}"] : [],
+ coalesce(try(data.vault_kv_secret_v2.renovate.data["github_token"], ""), var.github_com_token) != "" ? ["GITHUB_COM_TOKEN=${coalesce(try(data.vault_kv_secret_v2.renovate.data["github_token"], ""), var.github_com_token)}"] : [],
 var.extra_env_vars
 )
 
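Review bot: The `GITHUB_COM_TOKEN` line will fail the plan when neither Vault nor the variable supplies a token, because `coalesce` raises an error when every argument is null or an empty string rather than returning `""`, so the `!= ""` test never sees the empty case. Whether that path is reachable depends on the default of `var.github_com_token`, which is not visible in this hunk. Computing the value once in a local, `github_token = try(coalesce(try(data.vault_kv_secret_v2.renovate.data["github_token"], ""), var.github_com_token), "")`, and using `local.github_token != "" ? ["GITHUB_COM_TOKEN=${local.github_token}"] : []` keeps the fallback, removes the duplicated expression, and lets the empty case produce no variable. Separately, `RENOVATE_TOKEN` and the GitHub token are placed in the container environment, so they are readable through `docker inspect` and the state file. The `docker_container` block starts and ends outside the hunk.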
@@ -70,10 +70,10 @@ resource "docker_container" "renovate" {
 for_each = var.upload_config_file ? [1] : []
 content {
 content = templatefile("${path.module}/files/config.js.tpl", {
- platform = data.vault_generic_secret.renovate.data["renovate_platform"]
- endpoint = data.vault_generic_secret.renovate.data["renovate_endpoint"]
- git_author = data.vault_generic_secret.renovate.data["renovate_git_author"]
- username = data.vault_generic_secret.renovate.data["renovate_username"]
+ platform = data.vault_kv_secret_v2.renovate.data["renovate_platform"]
+ endpoint = data.vault_kv_secret_v2.renovate.data["renovate_endpoint"]
+ git_author = data.vault_kv_secret_v2.renovate.data["renovate_git_author"]
+ username = data.vault_kv_secret_v2.renovate.data["renovate_username"]
 autodiscover = var.renovate_autodiscover
 onboarding_config = var.renovate_onboarding_config
 })
diff --git a/outputs.tf b/outputs.tf
index 3a9d24a..e29771e 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -22,12 +22,12 @@ output "cache_volume" {
 
 output "renovate_platform" {
 description = "Platform configured for Renovate"
- value = data.vault_generic_secret.renovate.data["renovate_platform"]
+ value = data.vault_kv_secret_v2.renovate.data["renovate_platform"]
 sensitive = true
 }
 
 output "renovate_endpoint" {
 description = "API endpoint configured for Renovate"
- value = data.vault_generic_secret.renovate.data["renovate_endpoint"]
+ value = data.vault_kv_secret_v2.renovate.data["renovate_endpoint"]
 sensitive = true
 }
diff --git a/provider.tf b/provider.tf
index b890e50..f37f7a1 100644
--- a/provider.tf
+++ b/provider.tf
@@ -20,10 +20,10 @@ terraform {
 # Configure the DNS Provider
 provider "dns" {
 update {
- server = data.vault_generic_secret.dns.data["dns_server"]
- key_name = data.vault_generic_secret.dns.data["key_name"]
- key_algorithm = data.vault_generic_secret.dns.data["key_algorithm"]
- key_secret = data.vault_generic_secret.dns.data["key_secret"]
+ server = data.vault_kv_secret_v2.dns.data["dns_server"]
+ key_name = data.vault_kv_secret_v2.dns.data["key_name"]
+ key_algorithm = data.vault_kv_secret_v2.dns.data["key_algorithm"]
+ key_secret = data.vault_kv_secret_v2.dns.data["key_secret"]
 }
 }
 