diff --git a/barbican/plugin/castellan_secret_store.py b/barbican/plugin/castellan_secret_store.py
index b9b7000e2..9c904a5d4 100644
--- a/barbican/plugin/castellan_secret_store.py
+++ b/barbican/plugin/castellan_secret_store.py
@@ -67,7 +67,9 @@ class CastellanSecretStore(ss.SecretStoreBase):
             secret = self.key_manager.get(
                 self.context,
                 secret_ref)
-            return secret.get_encoded()
+
+            return ss.SecretDTO(secret_type, secret.get_encoded(),
+                                ss.KeySpec(), secret_metadata['content_type'])
         except Exception as e:
             LOG.exception("Error retrieving secret {}: {}".format(
                 secret_ref, six.text_type(e)))
diff --git a/barbican/tests/plugin/test_castellan_secret_store.py b/barbican/tests/plugin/test_castellan_secret_store.py
index 600ba5389..11bb98c38 100644
--- a/barbican/tests/plugin/test_castellan_secret_store.py
+++ b/barbican/tests/plugin/test_castellan_secret_store.py
@@ -155,19 +155,24 @@ class WhenTestingVaultSecretStore(utils.BaseTestCase):
         )
 
     def test_get_secret(self):
-        secret_metadata = {css.CastellanSecretStore.KEY_ID: key_ref1}
+        secret_metadata = {
+            css.CastellanSecretStore.KEY_ID: key_ref1,
+            "content_type": "application/octet-stream"
+        }
         response = self.plugin.get_secret(
             ss.SecretType.SYMMETRIC,
             secret_metadata
         )
 
+        self.assertIsInstance(response, ss.SecretDTO)
+
+        self.assertEqual(ss.SecretType.SYMMETRIC, response.type)
+        self.assertEqual(secret_passphrase, response.secret)
         self.plugin.key_manager.get.assert_called_once_with(
             mock.ANY,
             key_ref1
         )
 
-        self.assertEqual(response, secret_passphrase)
-
     def test_get_secret_throws_exception(self):
         secret_metadata = {css.CastellanSecretStore.KEY_ID: key_ref1}
         self.plugin.key_manager.get.side_effect = exception.Forbidden()
diff --git a/devstack/lib/barbican b/devstack/lib/barbican
index a1f65a782..c4d6cbc6e 100644
--- a/devstack/lib/barbican
+++ b/devstack/lib/barbican
@@ -597,8 +597,13 @@ function install_vault {
         echo "Wah! Need to throw an error code here!"
     fi
 
-    #debug code follows:
     export VAULT_ADDR="http://${HOST_IP}:8200"
+
+    # Enable kv version 1
+    vault secrets disable secret/
+    vault secrets enable -version=1 -path=secret -description "kv version 1" kv
+
+    #debug code follows:
     vault status
     vault kv put secret/hello foo=world
     vault kv get secret/hello