diff --git a/dependency/vault_read.go b/dependency/vault_read.go
index c2f837e4d..005e54980 100644
--- a/dependency/vault_read.go
+++ b/dependency/vault_read.go
@@ -212,9 +212,9 @@ func shimKVv2Path(rawPath, mountPath, clientNamespace string) string {
 		// Trim (mount path - client namespace) from the raw path
 		p := strings.TrimPrefix(rawPath, rawPathNsAndMountPath)
 
-		// Only add /data/ prefix to the path if neither /data/ or /metadata/ are
+		// Only add /data/ prefix to the path if neither /data/, or /metadata/ or /subkeys/ are
 		// present.
-		if strings.HasPrefix(p, "data/") || strings.HasPrefix(p, "metadata/") {
+		if strings.HasPrefix(p, "data/") || strings.HasPrefix(p, "metadata/") || strings.HasPrefix(p, "subkeys/") {
 			return rawPath
 		}
 
diff --git a/dependency/vault_read_test.go b/dependency/vault_read_test.go
index 9dc0daaaf..1ef0c03fe 100644
--- a/dependency/vault_read_test.go
+++ b/dependency/vault_read_test.go
@@ -706,7 +706,22 @@ func TestShimKVv2Path(t *testing.T) {
 			"secret/",
 			"secret/data/foometadata/foo/bar",
 			"",
-		}, {
+		},
+		{
+			"prefix not added to subkeys",
+			"secret/subkeys/foo",
+			"secret/",
+			"secret/subkeys/foo",
+			"",
+		},
+		{
+			"prefix added with subkeys* in subpath",
+			"secret/subkeysfoo/foo/bar",
+			"secret/",
+			"secret/data/subkeysfoo/foo/bar",
+			"",
+		},
+		{
 			"prefix added to mount path",
 			"secret/",
 			"secret/",