diff --git a/docs/index.rst b/docs/index.rst
index c206d01..f36c880 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -109,7 +109,8 @@ This array contains an element named ``keys``, whose value is an array of the se
 
     [
         "keys": [
-            "hello"
+            "hello",
+            "world"
         ]
     ]
 Fetching a secret
@@ -149,6 +150,78 @@ Fetching a secret
 
     $data = $response->getData(); // Raw array with secret's content.
 
+    // ...
+Secrets Engines overlays
+==================
+Each secret engine (such as Key/Value [versions 1/2], Cubbyhole, Transit, etc.) comes with a different APIs.
+Overlays provide a way to use secret engine without worrying about underlaying path structure, in a more object-oriented way.
+
+To use one, simply create new instance while specifying authenticated Vault client and path at which it is located:
+
+.. code-block:: php
+
+    <?php
+
+    use Vault\AuthenticationStrategies\TokenAuthenticationStrategy;
+    use Vault\Client;
+    use Vault\SecretsEngines\KeyValueVersion2SecretsEngine;
+    use Laminas\Diactoros\RequestFactory;
+    use Laminas\Diactoros\StreamFactory;
+    use Laminas\Diactoros\Uri;
+
+    // Creating the client
+    $client = new Client(
+        new Uri('http://127.0.0.1:8200'),
+        new \AlexTartan\GuzzlePsr18Adapter\Client(),
+        new RequestFactory(),
+        new StreamFactory()
+    ); // Using alextartan/guzzle-psr18-adapter and laminas/laminas-diactoros
+
+    // Authenticating using token auth backend.
+    // Request exception could appear here.
+    $authenticated = $client
+        ->setAuthenticationStrategy(new TokenAuthenticationStrategy('463763ae-0c3b-ff77-e137-af668941465c'))
+        ->authenticate();
+
+    if (!$authenticated) {
+        // Throw an exception or handle authentication failure.
+    }
+
+    // Create an instance of KV2 secret engine overlay, mounted at path "secret" using authenticated client
+    $kv2 = new KeyValueVersion2SecretsEngine($client, 'secret');
+
+List secret keys
+----------------
+
+.. code-block:: php
+
+    // Request exception could appear here.
+    /** @var \Vault\ResponseModels\KeyValueVersion2\ListResponse $response */
+    $response = $kv2->list(''); // Corresponds to calling $client->keys('/secret/metadata/')
+    $keys = $response->getKeys(); // Raw array of secret's keys
+
+Notice, that secret engine overlay knows structure of Vault response, so it can parse and objectify it.
+It means you don't have to look for "keys" index in raw data array as before. On success, $keys would be equal to:
+
+.. code-block:: php
+
+    [
+        "hello",
+        "world"    
+    ]
+
+Fetching a secret
+----------------
+
+.. code-block:: php
+
+    // Request exception could appear here.
+    /** @var \Vault\ResponseModels\KeyValueVersion2\ReadResponse $response */
+    $response = $kv2->read('database'); // Corresponds to calling $client->read('secret/data/database');
+
+    $data = $response->getData(); // Raw array with secret's content.
+    $metadata = $response->getMetadata(); // Object containing KV2 secret version metadata
+
     // ...
 
 Indices and tables
diff --git a/src/BaseClient.php b/src/BaseClient.php
index 7b28243..ef2f796 100644
--- a/src/BaseClient.php
+++ b/src/BaseClient.php
@@ -25,9 +25,9 @@
  */
 abstract class BaseClient implements LoggerAwareInterface
 {
-    public const VERSION_1 = 'v1';
-
     use LoggerAwareTrait;
+    
+    public const VERSION_1 = 'v1';
 
     /**
      * @var string
@@ -40,7 +40,7 @@ abstract class BaseClient implements LoggerAwareInterface
     protected $token;
 
     /**
-     * @var Namespace
+     * @var string
      */
     protected $namespace;
 
@@ -116,9 +116,10 @@ public function head(string $path): Response
      */
     public function send(string $method, string $path, string $body = ''): ResponseInterface
     {
+        $method = strtoupper($method);
         $headers = [
             'User-Agent' => 'VaultPHP/1.0.0',
-            'Content-Type' => 'application/json',
+            'Content-Type' => ($method === 'PATCH' ? 'application/merge-patch+json' : 'application/json'),
         ];
 
         if ($this->token) {
@@ -134,7 +135,7 @@ public function send(string $method, string $path, string $body = ''): ResponseI
             $this->baseUri = $this->baseUri->withQuery($query);
         }
 
-        $request = $this->requestFactory->createRequest(strtoupper($method), $this->baseUri->withPath($path));
+        $request = $this->requestFactory->createRequest($method, $this->baseUri->withPath($path));
 
         foreach ($headers as $name => $value) {
             $request = $request->withHeader($name, $value);
@@ -309,7 +310,7 @@ public function setToken(Token $token)
     }
 
     /**
-     * @return Namespace
+     * @return string
      */
     public function getNamespace(): string
     {
@@ -317,7 +318,7 @@ public function getNamespace(): string
     }
 
     /**
-     * @param String $namespace
+     * @param string $namespace
      *
      * @return $this
      */
diff --git a/src/BaseObject.php b/src/BaseObject.php
index 9ac5170..f1191a9 100644
--- a/src/BaseObject.php
+++ b/src/BaseObject.php
@@ -2,15 +2,16 @@
 
 namespace Vault;
 
-use RuntimeException;
+use Vault\Exceptions\RuntimeException;
 use Vault\Helpers\ArrayHelper;
+use Vault\Helpers\ModelHelper;
 
 /**
- * Class Object
+ * Class BaseObject
  *
  * @package Vault
  */
-class BaseObject
+class BaseObject implements \JsonSerializable
 {
     /**
      * Object constructor.
@@ -193,4 +194,14 @@ public function getFields(): array
 
         return $result;
     }
+
+    /**
+     * @return array
+     * 
+     * @throws RuntimeException
+     */
+    public function jsonSerialize(): array
+    {
+        return ModelHelper::snakelize($this->toArray(), false);
+    }
 }
diff --git a/src/Builders/KeyValueVersion1/ListResponseBuilder.php b/src/Builders/KeyValueVersion1/ListResponseBuilder.php
new file mode 100644
index 0000000..1556014
--- /dev/null
+++ b/src/Builders/KeyValueVersion1/ListResponseBuilder.php
@@ -0,0 +1,27 @@
+<?php
+
+namespace Vault\Builders\KeyValueVersion1;
+
+use Vault\Helpers\ModelHelper;
+use Vault\ResponseModels\KeyValueVersion1\ListResponse;
+use Vault\ResponseModels\Response;
+
+/**
+ * Class ListResponseBuilder
+ *
+ * @package Vault\Builder\KeyValueVersion1
+ */
+class ListResponseBuilder
+{
+    /**
+     * @param Response $response
+     *
+     * @return ListResponse
+     */
+    public static function build(Response $response): ListResponse
+    {
+        $data = $response->getData();
+        
+        return new ListResponse(ModelHelper::camelize($data, false));
+    }
+}
diff --git a/src/Builders/KeyValueVersion2/ListResponseBuilder.php b/src/Builders/KeyValueVersion2/ListResponseBuilder.php
new file mode 100644
index 0000000..c49912c
--- /dev/null
+++ b/src/Builders/KeyValueVersion2/ListResponseBuilder.php
@@ -0,0 +1,27 @@
+<?php
+
+namespace Vault\Builders\KeyValueVersion2;
+
+use Vault\Helpers\ModelHelper;
+use Vault\ResponseModels\KeyValueVersion2\ListResponse;
+use Vault\ResponseModels\Response;
+
+/**
+ * Class ListResponseBuilder
+ *
+ * @package Vault\Builder\KeyValueVersion2
+ */
+class ListResponseBuilder
+{
+    /**
+     * @param Response $response
+     *
+     * @return ListResponse
+     */
+    public static function build(Response $response): ListResponse
+    {
+        $data = $response->getData();
+        
+        return new ListResponse(ModelHelper::camelize($data, false));
+    }
+}
diff --git a/src/Builders/KeyValueVersion2/ReadConfigurationResponseBuilder.php b/src/Builders/KeyValueVersion2/ReadConfigurationResponseBuilder.php
new file mode 100644
index 0000000..93e5dcf
--- /dev/null
+++ b/src/Builders/KeyValueVersion2/ReadConfigurationResponseBuilder.php
@@ -0,0 +1,27 @@
+<?php
+
+namespace Vault\Builders\KeyValueVersion2;
+
+use Vault\Helpers\ModelHelper;
+use Vault\Models\KeyValueVersion2\Configuration;
+use Vault\ResponseModels\Response;
+
+/**
+ * Class ReadConfigurationResponseBuilder
+ *
+ * @package Vault\Builder\KeyValueVersion2
+ */
+class ReadConfigurationResponseBuilder
+{
+    /**
+     * @param Response $response
+     *
+     * @return Configuration
+     */
+    public static function build(Response $response): Configuration
+    {
+        $data = $response->getData();
+        
+        return new Configuration(ModelHelper::camelize($data, false));
+    }
+}
diff --git a/src/Builders/KeyValueVersion2/ReadMetadataResponseBuilder.php b/src/Builders/KeyValueVersion2/ReadMetadataResponseBuilder.php
new file mode 100644
index 0000000..df699c3
--- /dev/null
+++ b/src/Builders/KeyValueVersion2/ReadMetadataResponseBuilder.php
@@ -0,0 +1,36 @@
+<?php
+
+namespace Vault\Builders\KeyValueVersion2;
+
+use Vault\Helpers\ModelHelper;
+use Vault\ResponseModels\KeyValueVersion2\ReadMetadataResponse;
+use Vault\ResponseModels\KeyValueVersion2\VersionMetadata;
+use Vault\ResponseModels\Response;
+
+/**
+ * Class ReadMetadataResponseBuilder
+ *
+ * @package Vault\Builder\KeyValueVersion2
+ */
+class ReadMetadataResponseBuilder
+{
+    /**
+     * @param Response $response
+     *
+     * @return ReadMetadataResponse
+     */
+    public static function build(Response $response): ReadMetadataResponse
+    {
+        $data = $response->getData();
+        
+        $versions = [];
+        foreach ($data['versions'] as $versionNumber => $versionData) {
+            $versionData['custom_metadata'] = $data['custom_metadata'] ?? null;
+            $versionData['version'] = $versionNumber;
+            $versions[$versionNumber] = new VersionMetadata(ModelHelper::camelize($versionData, false));
+        }
+        $data['versions'] = $versions;
+        
+        return new ReadMetadataResponse(ModelHelper::camelize($data, false));
+    }
+}
diff --git a/src/Builders/KeyValueVersion2/ReadResponseBuilder.php b/src/Builders/KeyValueVersion2/ReadResponseBuilder.php
new file mode 100644
index 0000000..95e6677
--- /dev/null
+++ b/src/Builders/KeyValueVersion2/ReadResponseBuilder.php
@@ -0,0 +1,30 @@
+<?php
+
+namespace Vault\Builders\KeyValueVersion2;
+
+use Vault\Helpers\ModelHelper;
+use Vault\ResponseModels\KeyValueVersion2\ReadResponse;
+use Vault\ResponseModels\KeyValueVersion2\VersionMetadata;
+use Vault\ResponseModels\Response;
+
+/**
+ * Class ReadResponseBuilder
+ *
+ * @package Vault\Builder\KeyValueVersion2
+ */
+class ReadResponseBuilder
+{
+    /**
+     * @param Response $response
+     *
+     * @return ReadResponse
+     */
+    public static function build(Response $response): ReadResponse
+    {
+        $data = $response->getData();
+        
+        $data['metadata'] = new VersionMetadata(ModelHelper::camelize($data['metadata'], false));
+        
+        return new ReadResponse($data);
+    }
+}
diff --git a/src/Builders/KeyValueVersion2/ReadSubkeysResponseBuilder.php b/src/Builders/KeyValueVersion2/ReadSubkeysResponseBuilder.php
new file mode 100644
index 0000000..f9176f5
--- /dev/null
+++ b/src/Builders/KeyValueVersion2/ReadSubkeysResponseBuilder.php
@@ -0,0 +1,30 @@
+<?php
+
+namespace Vault\Builders\KeyValueVersion2;
+
+use Vault\Helpers\ModelHelper;
+use Vault\ResponseModels\KeyValueVersion2\ReadSubkeysResponse;
+use Vault\ResponseModels\KeyValueVersion2\VersionMetadata;
+use Vault\ResponseModels\Response;
+
+/**
+ * Class ReadSubkeysResponseBuilder
+ *
+ * @package Vault\Builder\KeyValueVersion2
+ */
+class ReadSubkeysResponseBuilder
+{
+    /**
+     * @param Response $response
+     *
+     * @return ReadSubkeysResponse
+     */
+    public static function build(Response $response): ReadSubkeysResponse
+    {
+        $data = $response->getData();
+        
+        $data['metadata'] = new VersionMetadata(ModelHelper::camelize($data['metadata'], false));
+        
+        return new ReadSubkeysResponse($data);
+    }
+}
diff --git a/src/Builders/KeyValueVersion2/VersionMetadataResponseBuilder.php b/src/Builders/KeyValueVersion2/VersionMetadataResponseBuilder.php
new file mode 100644
index 0000000..dd38b34
--- /dev/null
+++ b/src/Builders/KeyValueVersion2/VersionMetadataResponseBuilder.php
@@ -0,0 +1,27 @@
+<?php
+
+namespace Vault\Builders\KeyValueVersion2;
+
+use Vault\Helpers\ModelHelper;
+use Vault\ResponseModels\KeyValueVersion2\VersionMetadata;
+use Vault\ResponseModels\Response;
+
+/**
+ * Class VersionMetadataResponseBuilder
+ *
+ * @package Vault\Builder\KeyValueVersion2
+ */
+class VersionMetadataResponseBuilder
+{
+    /**
+     * @param Response $response
+     *
+     * @return VersionMetadata
+     */
+    public static function build(Response $response): VersionMetadata
+    {
+        $data = $response->getData();
+        
+        return new VersionMetadata(ModelHelper::camelize($data, false));
+    }
+}
diff --git a/src/Helpers/ModelHelper.php b/src/Helpers/ModelHelper.php
index fe0d7aa..d0ac12f 100644
--- a/src/Helpers/ModelHelper.php
+++ b/src/Helpers/ModelHelper.php
@@ -2,8 +2,10 @@
 
 namespace Vault\Helpers;
 
+use Vault\Exceptions\RuntimeException;
+
 /**
- * Class Model
+ * Class ModelHelper
  *
  * @package Vault\Helper
  */
@@ -36,4 +38,41 @@ private static function camelizeString(string $data): string
 
         return lcfirst($camelizedString);
     }
+
+    /**
+     * @param array $data
+     * @param bool $recursive
+     *
+     * @return array
+     * 
+     * @throws RuntimeException
+     */
+    public static function snakelize(array $data, $recursive = true): array
+    {
+        $return = [];
+
+        foreach ($data as $key => $value) {
+            if (is_array($value) && $recursive) {
+                $value = self::snakelize($value, $recursive);
+            }
+
+            $return[self::snakelizeString($key)] = $value;
+        }
+
+        return $return;
+    }
+
+    private static function snakelizeString(string $data): string
+    {
+        $snakelizedString = preg_replace('~(?<=\\w)([A-Z])~u', '_$1', $data);
+
+        if ($snakelizedString === null) {
+            throw new RuntimeException(sprintf(
+                'preg_replace returned null when trying to snakelize value "%s"',
+                $data
+            ));
+        }
+
+        return mb_strtolower($snakelizedString);
+    }
 }
diff --git a/src/Models/KeyValueVersion2/Configuration.php b/src/Models/KeyValueVersion2/Configuration.php
new file mode 100644
index 0000000..c2ec7be
--- /dev/null
+++ b/src/Models/KeyValueVersion2/Configuration.php
@@ -0,0 +1,106 @@
+<?php
+
+namespace Vault\Models\KeyValueVersion2;
+
+use Vault\BaseObject;
+
+/**
+ * Class Configuration
+ *
+ * @package Vault\Models\KeyValueVersion2
+ */
+class Configuration extends BaseObject
+{
+    /**
+     * If true all keys will require the cas parameter to be set on all write requests
+     * 
+     * @var bool
+     */
+    protected $casRequired = false;
+
+    /**
+     * Specifies the length of time before a version is deleted. Accepts duration format strings
+     * 
+     * @var string
+     */
+    protected $deleteVersionAfter = '0s';
+
+    /**
+     * The number of versions to keep per key. When 0 is used or the value is unset, Vault will keep 10 versions
+     * 
+     * @var int
+     */
+    protected $maxVersions = 0;
+
+    /**
+     * Get {@see $casRequired cas_required}
+     * 
+     * @return bool
+     */
+    public function isCasRequired(): bool
+    {
+        return $this->casRequired;
+    }
+
+    /**
+     * Set {@see $casRequired cas_required}
+     * 
+     * @param bool $casRequired
+     * 
+     * @return $this
+     */
+    public function setCasRequired(bool $casRequired): self
+    {
+        $this->casRequired = $casRequired;
+
+        return $this;
+    }
+
+    /**
+     * Get {@see $deleteVersionAfter delete_version_after}
+     * 
+     * @return string
+     */
+    public function getDeleteVersionAfter(): string
+    {
+        return $this->deleteVersionAfter;
+    }
+
+    /**
+     * Set {@see $deleteVersionAfter delete_version_after}
+     * 
+     * @param string $deleteVersionAfter
+     * 
+     * @return $this
+     */
+    public function setDeleteVersionAfter(string $deleteVersionAfter): self
+    {
+        $this->deleteVersionAfter = $deleteVersionAfter;
+
+        return $this;
+    }
+
+    /**
+     * Get {@see $maxVersions max_versions}
+     * 
+     * @return int
+     */
+    public function getMaxVersions(): int
+    {
+        return $this->maxVersions;
+    }
+
+    /**
+     * Set {@see $maxVersions max_versions}
+     * 
+     * @param int $maxVersions
+     * 
+     * @return $this
+     */
+    public function setMaxVersions(int $maxVersions): self
+    {
+        $this->maxVersions = $maxVersions;
+
+        return $this;
+    }
+}
diff --git a/src/Models/KeyValueVersion2/SecretMetadata.php b/src/Models/KeyValueVersion2/SecretMetadata.php
new file mode 100644
index 0000000..970d263
--- /dev/null
+++ b/src/Models/KeyValueVersion2/SecretMetadata.php
@@ -0,0 +1,42 @@
+<?php
+
+namespace Vault\Models\KeyValueVersion2;
+
+/**
+ * Class SecretMetadata
+ *
+ * @package Vault\Models\KeyValueVersion2
+ */
+class SecretMetadata extends Configuration
+{
+    /**
+     * A map of arbitrary string to string valued user-provided metadata meant to describe the secret
+     * 
+     * @var array|null
+     */
+    protected $customMetadata;
+
+    /**
+     * Get {@see $customMetadata custom_metadata}
+     * 
+     * @return array|null
+     */
+    public function getCustomMetadata(): ?array
+    {
+        return $this->customMetadata;
+    }
+
+    /**
+     * Set {@see $customMetadata custom_metadata}
+     * 
+     * @param array|null $customMetadata
+     * 
+     * @return $this
+     */
+    public function setCustomMetadata(?array $customMetadata): self
+    {
+        $this->customMetadata = $customMetadata;
+
+        return $this;
+    }
+}
diff --git a/src/Models/KeyValueVersion2/WriteOptions.php b/src/Models/KeyValueVersion2/WriteOptions.php
new file mode 100644
index 0000000..782918f
--- /dev/null
+++ b/src/Models/KeyValueVersion2/WriteOptions.php
@@ -0,0 +1,44 @@
+<?php
+
+namespace Vault\Models\KeyValueVersion2;
+
+use Vault\BaseObject;
+
+/**
+ * Class WriteOptions
+ *
+ * @package Vault\Models\KeyValueVersion2
+ */
+class WriteOptions extends BaseObject
+{
+    /**
+     * This flag is required if cas_required is set to true on either the secret or the engine's config. If not set the write will be allowed. In order for a write to be successful, cas must be set to the current version of the secret. If set to 0 a write will only be allowed if the key doesn't exist as unset keys do not have any version information.
+     * 
+     * @var int|null
+     */
+    protected $cas;
+
+    /**
+     * Get {@see $cas cas}
+     * 
+     * @return int|null
+     */
+    public function getCas(): ?int
+    {
+        return $this->cas;
+    }
+
+    /**
+     * Set {@see $cas cas}
+     * 
+     * @param int $cas
+     * 
+     * @return $this
+     */
+    public function setCas(?int $cas): self
+    {
+        $this->cas = $cas;
+
+        return $this;
+    }
+}
diff --git a/src/ResponseModels/KeyValueVersion1/ListResponse.php b/src/ResponseModels/KeyValueVersion1/ListResponse.php
new file mode 100644
index 0000000..504b3c8
--- /dev/null
+++ b/src/ResponseModels/KeyValueVersion1/ListResponse.php
@@ -0,0 +1,26 @@
+<?php
+
+namespace Vault\ResponseModels\KeyValueVersion1;
+
+use Vault\BaseObject;
+
+/**
+ * Class ListResponse
+ *
+ * @package Vault\Model\KeyValueVersion1
+ */
+class ListResponse extends BaseObject
+{
+    /**
+     * @var array
+     */
+    protected $keys;
+    
+    /**
+     * @return array
+     */
+    public function getKeys(): array
+    {
+        return $this->keys;
+    }
+}
diff --git a/src/ResponseModels/KeyValueVersion2/ListResponse.php b/src/ResponseModels/KeyValueVersion2/ListResponse.php
new file mode 100644
index 0000000..294ab3c
--- /dev/null
+++ b/src/ResponseModels/KeyValueVersion2/ListResponse.php
@@ -0,0 +1,26 @@
+<?php
+
+namespace Vault\ResponseModels\KeyValueVersion2;
+
+use Vault\BaseObject;
+
+/**
+ * Class ListResponse
+ *
+ * @package Vault\Model\KeyValueVersion2
+ */
+class ListResponse extends BaseObject
+{
+    /**
+     * @var array
+     */
+    protected $keys;
+    
+    /**
+     * @return array
+     */
+    public function getKeys(): array
+    {
+        return $this->keys;
+    }
+}
diff --git a/src/ResponseModels/KeyValueVersion2/ReadMetadataResponse.php b/src/ResponseModels/KeyValueVersion2/ReadMetadataResponse.php
new file mode 100644
index 0000000..37ac4b9
--- /dev/null
+++ b/src/ResponseModels/KeyValueVersion2/ReadMetadataResponse.php
@@ -0,0 +1,78 @@
+<?php
+
+namespace Vault\ResponseModels\KeyValueVersion2;
+
+use Vault\Models\KeyValueVersion2\SecretMetadata;
+
+/**
+ * Class ReadMetadataResponse
+ *
+ * @package Vault\Model\KeyValueVersion2
+ */
+class ReadMetadataResponse extends SecretMetadata
+{
+    /**
+     * @var string
+     */
+    protected $createdTime;
+
+    /**
+     * @var int
+     */
+    protected $currentVersion;
+
+    /**
+     * @var int
+     */
+    protected $oldestVersion;
+
+    /**
+     * @var string|null
+     */
+    protected $updatedTime;
+
+    /**
+     * @var VersionMetadata[]
+     */
+    protected $versions = [];
+
+    /**
+     * @return string
+     */
+    public function getCreatedTime(): string
+    {
+        return $this->createdTime;
+    }
+
+    /**
+     * @return int
+     */
+    public function getCurrentVersion(): int
+    {
+        return $this->currentVersion;
+    }
+
+    /**
+     * @return int
+     */
+    public function getOldestVersion(): int
+    {
+        return $this->oldestVersion;
+    }
+
+    /**
+     * @return string|null
+     */
+    public function getUpdatedTime(): ?string
+    {
+        return $this->updatedTime;
+    }
+
+    /**
+     * @return VersionMetadata[]
+     */
+    public function getVersions(): array
+    {
+        return $this->versions;
+    }
+}
diff --git a/src/ResponseModels/KeyValueVersion2/ReadResponse.php b/src/ResponseModels/KeyValueVersion2/ReadResponse.php
new file mode 100644
index 0000000..00fddde
--- /dev/null
+++ b/src/ResponseModels/KeyValueVersion2/ReadResponse.php
@@ -0,0 +1,29 @@
+<?php
+
+namespace Vault\ResponseModels\KeyValueVersion2;
+
+use Vault\BaseObject;
+use Vault\ResponseModels\KeyValueVersion2\Traits\MetadataTrait;
+
+/**
+ * Class ReadResponse
+ *
+ * @package Vault\Model\KeyValueVersion2
+ */
+class ReadResponse extends BaseObject
+{
+    use MetadataTrait;
+
+    /**
+     * @var array
+     */
+    protected $data = [];
+    
+    /**
+     * @return array
+     */
+    public function getData(): array
+    {
+        return $this->data;
+    }
+}
diff --git a/src/ResponseModels/KeyValueVersion2/ReadSubkeysResponse.php b/src/ResponseModels/KeyValueVersion2/ReadSubkeysResponse.php
new file mode 100644
index 0000000..7660898
--- /dev/null
+++ b/src/ResponseModels/KeyValueVersion2/ReadSubkeysResponse.php
@@ -0,0 +1,29 @@
+<?php
+
+namespace Vault\ResponseModels\KeyValueVersion2;
+
+use Vault\BaseObject;
+use Vault\ResponseModels\KeyValueVersion2\Traits\MetadataTrait;
+
+/**
+ * Class ReadSubkeysResponse
+ *
+ * @package Vault\Model\KeyValueVersion2
+ */
+class ReadSubkeysResponse extends BaseObject
+{
+    use MetadataTrait;
+
+    /**
+     * @var array
+     */
+    protected $subkeys = [];
+    
+    /**
+     * @return array
+     */
+    public function getSubkeys(): array
+    {
+        return $this->subkeys;
+    }
+}
diff --git a/src/ResponseModels/KeyValueVersion2/Traits/MetadataTrait.php b/src/ResponseModels/KeyValueVersion2/Traits/MetadataTrait.php
new file mode 100644
index 0000000..93703e9
--- /dev/null
+++ b/src/ResponseModels/KeyValueVersion2/Traits/MetadataTrait.php
@@ -0,0 +1,26 @@
+<?php
+
+namespace Vault\ResponseModels\KeyValueVersion2\Traits;
+
+use Vault\ResponseModels\KeyValueVersion2\VersionMetadata;
+
+/**
+ * Class MetadataTrait
+ *
+ * @package Vault\Model\KeyValueVersion2
+ */
+trait MetadataTrait
+{
+    /**
+     * @var VersionMetadata
+     */
+    protected $metadata;
+    
+    /**
+     * @return VersionMetadata
+     */
+    public function getMetadata(): VersionMetadata
+    {
+        return $this->metadata;
+    }
+}
diff --git a/src/ResponseModels/KeyValueVersion2/VersionMetadata.php b/src/ResponseModels/KeyValueVersion2/VersionMetadata.php
new file mode 100644
index 0000000..b0dcb33
--- /dev/null
+++ b/src/ResponseModels/KeyValueVersion2/VersionMetadata.php
@@ -0,0 +1,78 @@
+<?php
+
+namespace Vault\ResponseModels\KeyValueVersion2;
+
+use Vault\BaseObject;
+
+/**
+ * Class VersionMetadata
+ *
+ * @package Vault\Model\KeyValueVersion2
+ */
+class VersionMetadata extends BaseObject
+{
+    /**
+     * @var string
+     */
+    protected $createdTime;
+
+    /**
+     * @var array|null
+     */
+    protected $customMetadata;
+
+    /**
+     * @var string|null
+     */
+    protected $deletionTime;
+
+    /**
+     * @var bool
+     */
+    protected $destroyed;
+
+    /**
+     * @var int
+     */
+    protected $version;
+
+    /**
+     * @return string
+     */
+    public function getCreatedTime(): string
+    {
+        return $this->createdTime;
+    }
+
+    /**
+     * @return array|null
+     */
+    public function getCustomMetadata(): ?array
+    {
+        return $this->customMetadata;
+    }
+
+    /**
+     * @return string|null
+     */
+    public function getDeletionTime(): ?string
+    {
+        return $this->deletionTime;
+    }
+
+    /**
+     * @return bool
+     */
+    public function isDestroyed(): bool
+    {
+        return $this->destroyed;
+    }
+
+    /**
+     * @return int
+     */
+    public function getVersion(): int
+    {
+        return $this->version;
+    }
+}
diff --git a/src/SecretsEngines/AbstractSecretsEngine.php b/src/SecretsEngines/AbstractSecretsEngine.php
new file mode 100644
index 0000000..a544651
--- /dev/null
+++ b/src/SecretsEngines/AbstractSecretsEngine.php
@@ -0,0 +1,78 @@
+<?php
+
+namespace Vault\SecretsEngines;
+
+use Vault\Client;
+use Vault\Exceptions\RuntimeException;
+
+/**
+ * Class AbstractSecretsEngine
+ *
+ * @package Vault\SecretsEngine
+ */
+abstract class AbstractSecretsEngine
+{
+    /**
+     * @var Client
+     */
+    protected $client;
+
+    /**
+     * @var string
+     */
+    protected $mount;
+
+    /**
+     * @param Client $client Authenticated Vault client
+     * @param string $mount Path to the secret engine (aka mount location)
+     */
+    public function __construct(Client $client, string $mount)
+    {
+        $this->client = $client;
+        if (empty($mount)) {
+            throw new RuntimeException('Secrets Engine require not-empty mount path');
+        }
+        if ($mount[0] !== '/') {
+            $mount = '/'.$mount;
+        }
+        $this->mount = $mount;
+    }
+
+    /**
+     * @param string $path Path of the secret
+     *
+     * @return string
+     */
+    public function buildPath(string $path): string
+    {
+        return sprintf('%s/%s', $this->client->buildPath($this->mount), $path);
+    }
+
+    /**
+     * @return Client
+     */
+    public function getClient(): Client
+    {
+        return $this->client;
+    }
+
+    /**
+     * @param Client $client
+     *
+     * @return $this
+     */
+    public function setClient(Client $client): self
+    {
+        $this->client = $client;
+
+        return $this;
+    }
+
+    /**
+     * @return string
+     */
+    public function getMount(): string
+    {
+        return $this->mount;
+    }
+}
diff --git a/src/SecretsEngines/CubbyholeSecretsEngine.php b/src/SecretsEngines/CubbyholeSecretsEngine.php
new file mode 100644
index 0000000..0dc803c
--- /dev/null
+++ b/src/SecretsEngines/CubbyholeSecretsEngine.php
@@ -0,0 +1,26 @@
+<?php
+
+namespace Vault\SecretsEngines;
+
+use Vault\Client;
+
+/**
+ * Class CubbyholeSecretsEngine
+ *
+ * @link https://developer.hashicorp.com/vault/api-docs/secret/cubbyhole Cubbyhole Official Documentation
+ * 
+ * @package Vault\SecretsEngine
+ */
+class CubbyholeSecretsEngine extends KeyValueVersion1SecretsEngine
+{
+    /**
+     * @param Client $client Authenticated Vault client
+     */
+    public function __construct(Client $client)
+    {
+        parent::__construct(
+            $client,
+            '/cubbyhole'
+        );
+    }
+}
diff --git a/src/SecretsEngines/KeyValueVersion1SecretsEngine.php b/src/SecretsEngines/KeyValueVersion1SecretsEngine.php
new file mode 100644
index 0000000..6c4d315
--- /dev/null
+++ b/src/SecretsEngines/KeyValueVersion1SecretsEngine.php
@@ -0,0 +1,73 @@
+<?php
+
+namespace Vault\SecretsEngines;
+
+use Vault\Builders\KeyValueVersion1\ListResponseBuilder;
+use Vault\ResponseModels\KeyValueVersion1\ListResponse;
+use Vault\ResponseModels\Response;
+
+/**
+ * Class KeyValueVersion1SecretsEngine
+ *
+ * @link https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v1 Key/Value Version 1 Official Documentation
+ *
+ * @package Vault\SecretsEngine
+ */
+class KeyValueVersion1SecretsEngine extends AbstractSecretsEngine
+{
+    /**
+     * Read specified secret
+     * 
+     * @param string $path Path of the secret
+     * @return Response
+     **/
+    public function read(string $path): Response
+    {
+        return $this->client->get(
+            parent::buildPath($path)
+        );
+    }
+
+    /**
+     * List secrets at specified path
+     * 
+     * @param string $path Path to list secrets from
+     * @return ListResponse
+     **/
+    public function list(string $path): ListResponse
+    {
+        return ListResponseBuilder::build(
+            $this->client->list(
+                parent::buildPath($path)
+            )
+        );
+    }
+
+    /**
+     * Create or update specified secret
+     * 
+     * @param string $path Path of the secret
+     * @param array $data Payload to write
+     * @return Response
+     **/
+    public function createOrUpdate(string $path, array $data = []): Response
+    {
+        return $this->client->post(
+            parent::buildPath($path),
+            json_encode($data)
+        );
+    }
+
+    /**
+     * Delete secret
+     * 
+     * @param string $path Path of the secret
+     * @return Response
+     **/
+    public function delete(string $path): Response
+    {
+        return $this->client->delete(
+            parent::buildPath($path)
+        );
+    }
+}
diff --git a/src/SecretsEngines/KeyValueVersion2SecretsEngine.php b/src/SecretsEngines/KeyValueVersion2SecretsEngine.php
new file mode 100644
index 0000000..6585543
--- /dev/null
+++ b/src/SecretsEngines/KeyValueVersion2SecretsEngine.php
@@ -0,0 +1,282 @@
+<?php
+
+namespace Vault\SecretsEngines;
+
+use Vault\Builders\KeyValueVersion2\ListResponseBuilder;
+use Vault\Builders\KeyValueVersion2\ReadConfigurationResponseBuilder;
+use Vault\Builders\KeyValueVersion2\ReadMetadataResponseBuilder;
+use Vault\Builders\KeyValueVersion2\ReadResponseBuilder;
+use Vault\Builders\KeyValueVersion2\ReadSubkeysResponseBuilder;
+use Vault\Builders\KeyValueVersion2\VersionMetadataResponseBuilder;
+use Vault\Models\KeyValueVersion2\Configuration;
+use Vault\Models\KeyValueVersion2\SecretMetadata;
+use Vault\Models\KeyValueVersion2\WriteOptions;
+use Vault\ResponseModels\KeyValueVersion2\ListResponse;
+use Vault\ResponseModels\KeyValueVersion2\ReadMetadataResponse;
+use Vault\ResponseModels\KeyValueVersion2\ReadResponse;
+use Vault\ResponseModels\KeyValueVersion2\ReadSubkeysResponse;
+use Vault\ResponseModels\KeyValueVersion2\VersionMetadata;
+use Vault\ResponseModels\Response;
+
+/**
+ * Class KeyValueVersion2SecretsEngine
+ *
+ * @link https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2 Key/Value Version 2 Official Documentation
+ *
+ * @package Vault\SecretsEngine
+ */
+class KeyValueVersion2SecretsEngine extends AbstractSecretsEngine
+{
+    /**
+     * Configure secrets engine
+     * 
+     * @param Configuration $config Configuration to set
+     * @return Response
+     **/
+    public function configure(Configuration $config): Response
+    {
+        return $this->client->post(
+            parent::buildPath('config'),
+            json_encode($config)
+        );
+    }
+
+    /**
+     * Read current secrets engine configuration
+     * 
+     * @return Configuration
+     **/
+    public function readConfiguration(): Configuration
+    {
+        return ReadConfigurationResponseBuilder::build(
+            $this->client->get(
+                parent::buildPath('config')
+            )
+        );
+    }
+
+    /**
+     * Read specified secret version
+     * 
+     * @param string $path Path of the secret
+     * @param int $version Version to read (0 = latest)
+     * @return ReadResponse
+     **/
+    public function read(string $path, int $version = 0): ReadResponse
+    {
+        return ReadResponseBuilder::build(
+            $this->client->get(
+                parent::buildPath(
+                    sprintf('data/%s?version=%d', $path, $version)
+                )
+            )
+        );
+    }
+
+    /**
+     * Create new version of a secret
+     * 
+     * @param string $path Path of the secret
+     * @param array $data Payload to write
+     * @param WriteOptions|null $options Write options
+     * @return VersionMetadata
+     **/
+    public function createOrUpdate(string $path, array $data = [], ?WriteOptions $options = null): VersionMetadata
+    {
+        $payload = [
+            'data' => $data,
+        ];
+        if ($options) {
+            $payload['options'] = $options;
+        }
+        return VersionMetadataResponseBuilder::build(
+            $this->client->post(
+                parent::buildPath('data/'.$path),
+                json_encode($payload)
+            )
+        );
+    }
+
+    /**
+     * Patch existing secret
+     * 
+     * @param string $path Path of the secret
+     * @param array $data Payload to write
+     * @param WriteOptions|null $options Write options
+     * @return VersionMetadata
+     **/
+    public function patch(string $path, array $data = [], ?WriteOptions $options = null): VersionMetadata
+    {
+        $payload = [
+            'data' => $data,
+        ];
+        if ($options) {
+            $payload['options'] = $options;
+        }
+        return VersionMetadataResponseBuilder::build(
+            $this->client->patch(
+                parent::buildPath('data/'.$path),
+                json_encode($payload)
+            )
+        );
+    }
+
+    /**
+     * Read subkeys within a secret
+     * 
+     * @param string $path Path of the secret
+     * @param int $version Version to read (0 = latest)
+     * @param int $depth Deepest nesting level (0 = no limit)
+     * @return ReadSubkeysResponse
+     **/
+    public function readSubkeys(string $path, int $version = 0, int $depth = 0): ReadSubkeysResponse
+    {
+        return ReadSubkeysResponseBuilder::build(
+            $this->client->get(
+                parent::buildPath(
+                    sprintf('subkeys/%s?version=%d&depth=%d', $path, $version, $depth)
+                )
+            )
+        );
+    }
+
+    /**
+     * Delete latest version of the secret
+     * 
+     * @param string $path Path of the secret
+     * @return Response
+     **/
+    public function deleteLatest(string $path): Response
+    {
+        return $this->client->delete(
+            parent::buildPath('data/'.$path)
+        );
+    }
+
+    /**
+     * Delete specified secret versions
+     * 
+     * @param string $path Path of the secret
+     * @param int[] $versions Versions to delete
+     * @return Response
+     **/
+    public function deleteVersions(string $path, array $versions = []): Response
+    {
+        $payload = [
+            'versions' => $versions
+        ];
+        return $this->client->post(
+            parent::buildPath('delete/'.$path),
+            json_encode($payload)
+        );
+    }
+
+    /**
+     * Undelete specified secret versions
+     * 
+     * @param string $path Path of the secret
+     * @param int[] $versions Versions to delete
+     * @return Response
+     **/
+    public function undeleteVersions(string $path, array $versions = []): Response
+    {
+        $payload = [
+            'versions' => $versions
+        ];
+        return $this->client->post(
+            parent::buildPath('undelete/'.$path),
+            json_encode($payload)
+        );
+    }
+
+    /**
+     * Destroy (hard delete) specified secret versions
+     * 
+     * @param string $path Path of the secret
+     * @param int[] $versions Versions to delete
+     * @return Response
+     **/
+    public function destroyVersions(string $path, array $versions = []): Response
+    {
+        $payload = [
+            'versions' => $versions
+        ];
+        return $this->client->put(
+            parent::buildPath('destroy/'.$path),
+            json_encode($payload)
+        );
+    }
+
+    /**
+     * List secrets at specified path
+     * 
+     * @param string $path Path to list secrets from
+     * @return ListResponse
+     **/
+    public function list(string $path): ListResponse
+    {
+        return ListResponseBuilder::build(
+            $this->client->list(
+                parent::buildPath('metadata/'.$path)
+            )
+        );
+    }
+
+    /**
+     * Read specified secret metadata
+     * 
+     * @param string $path Path of the secret
+     * @return ReadMetadataResponse
+     **/
+    public function readMetadata(string $path): ReadMetadataResponse
+    {
+        return ReadMetadataResponseBuilder::build(
+            $this->client->get(
+                parent::buildPath('metadata/'.$path)
+            )
+        );
+    }
+
+    /**
+     * Create or update specified secret metadata
+     * 
+     * @param string $path Path of the secret
+     * @param SecretMetadata $metadata Metadata to set
+     * @return Response
+     **/
+    public function createOrUpdateMetadata(string $path, SecretMetadata $metadata): Response
+    {
+        return $this->client->post(
+            parent::buildPath('metadata/'.$path),
+            json_encode($metadata)
+        );
+    }
+
+    /**
+     * Patch specified secret metadata
+     * 
+     * @param string $path Path of the secret
+     * @param array $metadata Metadata to set
+     * @return Response
+     **/
+    public function patchMetadata(string $path, array $metadata): Response
+    {
+        return $this->client->patch(
+            parent::buildPath('metadata/'.$path),
+            json_encode($metadata)
+        );
+    }
+
+    /**
+     * Delete metadata and all versions
+     * 
+     * @param string $path Path of the secret
+     * @return Response
+     **/
+    public function deleteMetadata(string $path): Response
+    {
+        return $this->client->delete(
+            parent::buildPath('metadata/'.$path)
+        );
+    }
+}