diff --git a/example/images/onlyoffice-docserver/Dockerfile b/example/images/onlyoffice-docserver/Dockerfile
index 46905f3..524f6af 100644
--- a/example/images/onlyoffice-docserver/Dockerfile
+++ b/example/images/onlyoffice-docserver/Dockerfile
@@ -1,4 +1,4 @@
-FROM danielberteaud/alma:9.24.2-1
+FROM danielberteaud/alma:9.24.3-1
 MAINTAINER Daniel Berteaud <dbd@ehtrace.com>
 
 ARG OO_VERSION=8.0.1
diff --git a/example/init/vault-database b/example/init/vault-database
index 19d0197..3447e14 100755
--- a/example/init/vault-database
+++ b/example/init/vault-database
@@ -2,7 +2,7 @@
 
 set -euo pipefail
 
-vault write /database/roles/onlyoffice \
+vault write database/roles/onlyoffice \
     db_name="postgres" \
     creation_statements="CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; \
         GRANT \"onlyoffice\" TO \"{{name}}\"; \
diff --git a/example/onlyoffice-docserver.nomad.hcl b/example/onlyoffice-docserver.nomad.hcl
index bf6e5ee..bd8fbde 100644
--- a/example/onlyoffice-docserver.nomad.hcl
+++ b/example/onlyoffice-docserver.nomad.hcl
@@ -127,8 +127,8 @@ job "onlyoffice" {
       template {
         data        = <<_EOT
 LANG=fr_FR.utf8
-OO_JWT_TOKEN={{ with secret "/kv/service/onlyoffice" }}{{ .Data.data.jwt_token }}{{ end }}
-OO_STORAGE_SECRET={{ with secret "/kv/service/onlyoffice" }}{{ .Data.data.storage_secret }}{{ end }}
+OO_JWT_TOKEN={{ with secret "kv/service/onlyoffice" }}{{ .Data.data.jwt_token }}{{ end }}
+OO_STORAGE_SECRET={{ with secret "kv/service/onlyoffice" }}{{ .Data.data.storage_secret }}{{ end }}
 TZ=Europe/Paris
 _EOT
         destination = "secrets/.env"
@@ -143,8 +143,8 @@ _EOT
 OO_DB_NAME='onlyoffice'
 OO_DB_HOST=127.0.0.1
 OO_DB_PORT=5432
-OO_DB_USER={{ with secret "/database/creds/onlyoffice" }}{{ .Data.username }}{{ end }}
-OO_DB_PASS={{ with secret "/database/creds/onlyoffice" }}{{ .Data.password }}{{ end }}
+OO_DB_USER={{ with secret "database/creds/onlyoffice" }}{{ .Data.username }}{{ end }}
+OO_DB_PASS={{ with secret "database/creds/onlyoffice" }}{{ .Data.password }}{{ end }}
 _EOT
         destination = "secrets/.db.env"
         uid         = 100000
@@ -189,7 +189,7 @@ _EOT
       user   = 1053
 
       config {
-        image           = "danielberteaud/wait-for:24.2-1"
+        image           = "danielberteaud/wait-for:24.3-1"
         readonly_rootfs = true
         pids_limit      = 20
       }
diff --git a/example/prep.d/20-rand-keys.sh b/example/prep.d/20-rand-keys.sh
index 91035a4..042df74 100755
--- a/example/prep.d/20-rand-keys.sh
+++ b/example/prep.d/20-rand-keys.sh
@@ -5,7 +5,7 @@ set -euo pipefail
 # vim: syntax=sh
 
 export LC_ALL=C
-VAULT_KV_PATH=/kv/service/onlyoffice
+VAULT_KV_PATH=kv/service/onlyoffice
 RAND_CMD="tr -dc A-Za-z0-9\-_\/=~\.+ < /dev/urandom | head -c 50"
 if ! vault kv list $(dirname ${VAULT_KV_PATH}) 2>/dev/null | grep -q -E "^$(basename ${VAULT_KV_PATH})\$"; then
   vault kv put ${VAULT_KV_PATH} \
diff --git a/example/vault/policies/onlyoffice.hcl b/example/vault/policies/onlyoffice.hcl
index eb9e651..cc7be4b 100644
--- a/example/vault/policies/onlyoffice.hcl
+++ b/example/vault/policies/onlyoffice.hcl
@@ -1,8 +1,8 @@
-path "/kv/data/service/onlyoffice" {
+path "kv/data/service/onlyoffice" {
   capabilities = ["read"]
 }
 
-path "/database/creds/onlyoffice" {
+path "database/creds/onlyoffice" {
   capabilities = ["read"]
 }