diff --git a/example/images/mariadb-backup/Dockerfile b/example/images/mariadb-backup/Dockerfile index 222540d..dd32ae8 100644 --- a/example/images/mariadb-backup/Dockerfile +++ b/example/images/mariadb-backup/Dockerfile @@ -1,4 +1,4 @@ -FROM danielberteaud/mariadb-client:24.2-1 +FROM danielberteaud/mariadb-client:24.3-1 MAINTAINER Daniel Berteaud RUN set -eux &&\ diff --git a/example/init/vault-database b/example/init/vault-database index 7dd98bc..59a38cb 100755 --- a/example/init/vault-database +++ b/example/init/vault-database @@ -3,21 +3,21 @@ set -euo pipefail if [ "$(vault secrets list -format json | jq -r '.["database/"].type')" != "database" ]; then - vault secrets enable -path /database database + vault secrets enable -path database database fi -if [ "$(vault list -format json /database/config | jq '.[] | test("^mariadb$")')" = "false" ]; then - vault write /database/config/mariadb \ +if [ "$(vault list -format json database/config | jq '.[] | test("^mariadb$")')" = "false" ]; then + vault write database/config/mariadb \ plugin_name="mysql-database-plugin" \ connection_url="{{username}}:{{password}}@tcp(mariadb.example.org:3306)/" \ allowed_roles="*" \ username=vault \ - password="$(vault kv get -field vault_initial_pwd /kv/service/mariadb)" \ + password="$(vault kv get -field vault_initial_pwd kv/service/mariadb)" \ disable_escaping=true - vault write -force /database/rotate-root/mariadb + vault write -force database/rotate-root/mariadb fi -vault write /database/roles/mariadb-admin \ +vault write database/roles/mariadb-admin \ db_name="mariadb" \ creation_statements="CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}'; \ GRANT ALL PRIVILEGES ON *.* TO '{{name}}'@'%' WITH GRANT OPTION; \ diff --git a/example/manage.nomad.hcl b/example/manage.nomad.hcl index 6f2cd71..5c2e5ca 100644 --- a/example/manage.nomad.hcl +++ b/example/manage.nomad.hcl 
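Review bot: In example/init/vault-database, the guard `[ "$(vault list -format json database/config | jq '.[] | test("^mariadb$")')" = "false" ]` only passes when the mount holds exactly one connection and that connection is not named mariadb. On a freshly enabled mount the substitution is most likely empty (as far as I know `vault list` exits non-zero and returns no keys when there is nothing to list), and with several connections jq prints one line per entry, so in both cases `vault write database/config/mariadb` and the `rotate-root` call are skipped and the initial password is never rotated. Testing the object directly is more robust: `if ! vault read database/config/mariadb >/dev/null 2>&1; then`. Separately, `allowed_roles="*"` lets every role on this mount use the connection; naming the roles the script creates, e.g. `allowed_roles="mariadb-admin"`, would be tighter, though further roles may be defined below the end of the hunk.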
@@ -58,7 +58,7 @@ job "mariadb-manage" { user = 1053 config { - image = "danielberteaud/wait-for:24.2-1" + image = "danielberteaud/wait-for:24.3-1" readonly_rootfs = true pids_limit = 20 } @@ -84,7 +84,7 @@ job "mariadb-manage" { driver = "docker" config { - image = "danielberteaud/mariadb-client:24.2-1" + image = "danielberteaud/mariadb-client:24.3-1" pids_limit = 50 readonly_rootfs = true command = "/local/manage.sh" @@ -183,7 +183,7 @@ _EOT [client] host = 127.0.0.1 user = root -password = {{ with secret "/kv/service/mariadb" }}{{ .Data.data.root_pwd }}{{ end }} +password = {{ with secret "kv/service/mariadb" }}{{ .Data.data.root_pwd }}{{ end }} _EOT destination = "secrets/my.cnf" uid = 100100 @@ -193,7 +193,7 @@ _EOT template { data = <<_EOT -{{ with secret "/kv/service/mariadb" }} +{{ with secret "kv/service/mariadb" }} VAULT_INITIAL_PASSWORD={{ .Data.data.vault_initial_pwd }} BACKUP_PASSWORD={{ .Data.data.backup_pwd }} {{ end }} diff --git a/example/mariadb.nomad.hcl b/example/mariadb.nomad.hcl index d95f30f..eda2df0 100644 --- a/example/mariadb.nomad.hcl +++ b/example/mariadb.nomad.hcl @@ -77,7 +77,7 @@ job "mariadb" { } config { - image = "danielberteaud/mariadb:24.2-1" + image = "danielberteaud/mariadb:24.3-1" pids_limit = 100 command = "/local/mysql_upgrade.sh" } @@ -96,7 +96,7 @@ job "mariadb" { [client] user = root host = 127.0.0.1 -password = {{ with secret "/kv/service/mariadb" }}{{ .Data.data.root_pwd }}{{ end }} +password = {{ with secret "kv/service/mariadb" }}{{ .Data.data.root_pwd }}{{ end }} _EOT destination = "secrets/.my.cnf" uid = 100100 @@ -149,7 +149,7 @@ _EOT kill_timeout = "5m" config { - image = "danielberteaud/mariadb:24.2-1" + image = "danielberteaud/mariadb:24.3-1" volumes = [ "secrets/:/etc/my.cnf.d", "secrets/my.conf:/var/lib/mysql/.my.cnf:ro", @@ -177,7 +177,7 @@ _EOT template { data = <<_EOT -{{ with secret "/kv/service/mariadb" }} +{{ with secret "kv/service/mariadb" }} MYSQL_ROOT_PASSWORD={{ .Data.data.root_pwd }} {{ end }} _EOT 
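Review bot: The `secrets/my.cnf` template in the `@@ -183` hunk of manage.nomad.hcl renders the MariaDB root password and sets `uid = 100100`, but no `perms` line is visible before the hunk ends, and Nomad's template default is `0644`. If the stanza does not set it further down, add `perms = "0400"` so that only the owning uid can read the file. The same check applies to `secrets/.my.cnf` and `secrets/my.conf` in the `@@ -96` and `@@ -192` hunks of mariadb.nomad.hcl. All three stanzas continue outside their hunks, so this may already be handled.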
@@ -192,7 +192,7 @@ _EOT data = <<_EOT [client] user = root -password = {{ with secret "/kv/service/mariadb" }}{{ .Data.data.root_pwd }}{{ end }} +password = {{ with secret "kv/service/mariadb" }}{{ .Data.data.root_pwd }}{{ end }} _EOT destination = "secrets/my.conf" uid = 100100 diff --git a/example/prep.d/10-rand-pwd.sh b/example/prep.d/10-rand-pwd.sh index 6a049ff..fda75ed 100755 --- a/example/prep.d/10-rand-pwd.sh +++ b/example/prep.d/10-rand-pwd.sh @@ -5,7 +5,7 @@ set -euo pipefail # vim: syntax=sh export LC_ALL=C -VAULT_KV_PATH=/kv/service/mariadb +VAULT_KV_PATH=kv/service/mariadb RAND_CMD="tr -dc A-Za-z0-9\-_\/=~\.+ < /dev/urandom | head -c 50" if ! vault kv list $(dirname ${VAULT_KV_PATH}) 2>/dev/null | grep -q -E "^$(basename ${VAULT_KV_PATH})\$"; then vault kv put ${VAULT_KV_PATH} \ diff --git a/example/vault/policies/mariadb.hcl b/example/vault/policies/mariadb.hcl index 4380cee..349544e 100644 --- a/example/vault/policies/mariadb.hcl +++ b/example/vault/policies/mariadb.hcl @@ -1,3 +1,3 @@ -path "/kv/data/service/mariadb" { +path "kv/data/service/mariadb" { capabilities = ["read"] }
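Review bot: In example/prep.d/10-rand-pwd.sh, the existence test `if ! vault kv list $(dirname ${VAULT_KV_PATH}) 2>/dev/null | grep -q -E ...` treats any failure of `vault kv list` (expired token, missing list capability, Vault unreachable) as "secret absent", because stderr is discarded and `!` negates the failed pipeline. The script then goes on to `vault kv put`, which on a KV v2 mount would write a new version with fresh random passwords over credentials the database is already using. Making the write itself conditional closes that gap: `vault kv put -cas=0 ${VAULT_KV_PATH} \`, which Vault rejects when the key already exists. The `if` body continues outside the hunk, so the exact fields written are not visible here.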