diff --git a/docs/ddayconfig.yml b/docs/ddayconfig.yml
index df7092a..d053a51 100644
--- a/docs/ddayconfig.yml
+++ b/docs/ddayconfig.yml
@@ -54,6 +54,10 @@ backends:
     # be logged to stdout. You probably only want this if you're debugging.
     #trace: true
 
+    # (string) An optional Vault enterprise namespace to use for all Vault
+    # requests.
+    #namespace: "my-namespace"
+
     # (hash) Options for authorizing to Vault
     # Must either provide "token" for Token auth or "role_id" and "secret_id" for AppRole
     # If a token is given, it should either have no expiry or be renewable.
diff --git a/storage/vault.go b/storage/vault.go
index 67133e1..7e9a289 100644
--- a/storage/vault.go
+++ b/storage/vault.go
@@ -34,6 +34,7 @@ type VaultConfig struct {
 	Address            string `yaml:"address"`
 	InsecureSkipVerify bool   `yaml:"insecure_skip_verify"`
 	CACerts            string `yaml:"ca_certs"`
+	Namespace          string `yaml:"namespace"`
 	BasePath           string `yaml:"base_path"`
 	Trace              bool   `yaml:"trace"`
 	Auth               struct {
@@ -97,7 +98,8 @@ func newVaultAccessor(conf VaultConfig) (*VaultAccessor, vaultAuthMetadata, erro
 				MaxIdleConnsPerHost: runtime.NumCPU(),
 			},
 		},
-		Trace: tracer,
+		Namespace: conf.Namespace,
+		Trace:     tracer,
 	}
 
 	authType := vaultAuthToken