diff --git a/barbican/plugin/vault_secret_store.py b/barbican/plugin/vault_secret_store.py
index 4705b46e1..4e0539cda 100644
--- a/barbican/plugin/vault_secret_store.py
+++ b/barbican/plugin/vault_secret_store.py
@@ -23,6 +23,7 @@ from oslo_log import log
 LOG = log.getLogger(__name__)
 
 DEFAULT_VAULT_URL = "http://127.0.0.1:8200"
+DEFAULT_MOUNTPOINT = "secret"
 
 vault_opt_group = cfg.OptGroup(name='vault_plugin', title='Vault Plugin')
 vault_opts = [
@@ -32,6 +33,10 @@ vault_opts = [
                help='AppRole role_id for authentication with vault'),
     cfg.StrOpt('approle_secret_id',
                help='AppRole secret_id for authentication with vault'),
+    cfg.StrOpt('kv_mountpoint',
+               default=DEFAULT_MOUNTPOINT,
+               help='Mountpoint of KV store in Vault to use, for example: '
+                    '{}'.format(DEFAULT_MOUNTPOINT)),
     cfg.StrOpt('vault_url',
                default=DEFAULT_VAULT_URL,
                help='Use this endpoint to connect to Vault, for example: '
@@ -75,6 +80,7 @@ class VaultSecretStore(css.CastellanSecretStore):
             vault_root_token_id=conf.vault_plugin.root_token_id,
             vault_approle_role_id=conf.vault_plugin.approle_role_id,
             vault_approle_secret_id=conf.vault_plugin.approle_secret_id,
+            vault_kv_mountpoint=conf.vault_plugin.kv_mountpoint,
             vault_url=conf.vault_plugin.vault_url,
             vault_ssl_ca_crt_file=conf.vault_plugin.ssl_ca_crt_file,
             vault_use_ssl=conf.vault_plugin.use_ssl