diff --git a/vault/config.sls b/vault/config.sls
index 899ff60..9806f55 100644
--- a/vault/config.sls
+++ b/vault/config.sls
@@ -6,7 +6,8 @@ vault-config:
 - source: salt://vault/files/config.hcl
 - template: jinja
 - context:
- statepath: {{ slspath }}
+ self_signed_cert: {{ vault.self_signed_cert }}
+ config: {{ vault.config }}
 - user: {{ vault.user }}
 - group: {{ vault.group }}
 - mode: 0640
diff --git a/vault/files/config.hcl b/vault/files/config.hcl
index affac96..d3b9cc5 100644
--- a/vault/files/config.hcl
+++ b/vault/files/config.hcl
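Review bot: `config: {{ vault.config }}` and `self_signed_cert: {{ vault.self_signed_cert }}` interpolate whole dicts into the state's YAML by their Python repr, so the rendered state only parses as long as that repr happens to be valid YAML flow syntax — a value containing a quote or a colon, or a nested mapping, can break the render or silently change a value's type. Serialize explicitly, `config: {{ vault.config | yaml }}` (Salt's `json` filter works as well), and likewise for `self_signed_cert`; the `config: {{ vault.config }}` line added to vault/service.sls has the same issue. Since the entire config dict, storage settings included, is now passed as template context, anything secret placed in `vault.config` may surface in rendered-state output, so it is worth documenting in the state that the dict is expected to hold configuration only, not credentials.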
@@ -1,35 +1,35 @@
-listener "{{ vault.config.listen_protocol }}" {
- address = "{{ vault.config.listen_address }}:{{ vault.config.listen_port }}"
- tls_disable = {{ vault.config.tls_disable }}
-{%- if vault.self_signed_cert.enabled %}
- tls_cert_file = "/etc/vault/{{ vault.self_signed_cert.hostname }}.pem"
- tls_key_file = "/etc/vault/{{ vault.self_signed_cert.hostname }}-nopass.key"
+listener "{{ config.listen_protocol }}" {
+ address = "{{ config.listen_address }}:{{ config.listen_port }}"
+ tls_disable = {{ config.tls_disable }}
+{%- if self_signed_cert.enabled %}
+ tls_cert_file = "/etc/vault/{{ self_signed_cert.hostname }}.pem"
+ tls_key_file = "/etc/vault/{{ self_signed_cert.hostname }}-nopass.key"
 {% else -%}
-{%- if vault.config.tls_cert_file %}
- tls_cert_file = "{{ vault.config.tls_cert_file }}"
+{%- if config.tls_cert_file %}
+ tls_cert_file = "{{ config.tls_cert_file }}"
 {% endif -%}
-{%- if vault.config.tls_key_file %}
- tls_key_file = "{{ vault.config.tls_key_file }}"
+{%- if config.tls_key_file %}
+ tls_key_file = "{{ config.tls_key_file }}"
 {% endif -%}
 {% endif %}
 }
-{%- if vault.config.backend and vault.config.backend.type == "s3" %}
+{%- if config.backend and config.backend.type == "s3" %}
 backend "s3" {
- bucket = "{{ vault.config.backend.bucket }}"
+ bucket = "{{ config.backend.bucket }}"
 }
 {% endif -%}
-{%- if vault.config.storage and vault.config.storage.type == "consul" %}
+{%- if config.storage and config.storage.type == "consul" %}
 storage "consul" {
- address = "{{ vault.config.storage.address }}"
- path = "{{ vault.config.storage.path }}"
+ address = "{{ config.storage.address }}"
+ path = "{{ config.storage.path }}"
 }
 {%- else %}
 storage "file" {
- path = "{{ vault.config.data_dir }}"
+ path = "{{ config.data_dir }}"
 }
 {% endif -%}
-default_lease_ttl="{{ vault.config.default_lease_ttl }}"
-max_lease_ttl="{{ vault.config.max_lease_ttl }}"
+default_lease_ttl="{{ config.default_lease_ttl }}"
+max_lease_ttl="{{ config.max_lease_ttl }}"
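Review bot: `tls_disable = {{ config.tls_disable }}` renders a YAML boolean from pillar as Python `True`/`False`, and HCL may not accept that spelling as a boolean literal; normalizing it, `tls_disable = {{ config.tls_disable | lower }}`, yields `true`/`false` whether the pillar value is a bool or a string. Every key in this template (`config.listen_protocol`, `config.default_lease_ttl`, `self_signed_cert.enabled`, …) is dereferenced unguarded, so a key missing from the context fails at render time; now that the state passes `config` and `self_signed_cert` explicitly, a short header comment listing the keys the template requires would make that contract visible. When `self_signed_cert.enabled` is false and neither `config.tls_cert_file` nor `config.tls_key_file` is set, the listener is rendered with TLS on but no certificate, which Vault should reject at startup — the safe failure, but a comment at the `{% else -%}` branch saying so would save the next operator a debugging round.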
diff --git a/vault/files/vault.service b/vault/files/vault.service
index f8c74a0..0693a8a 100644
--- a/vault/files/vault.service
+++ b/vault/files/vault.service
@@ -1,13 +1,13 @@
 [Unit]
 Description=vault server
 Requires=network-online.target
-After=network-online.target{% if vault.config.storage and vault.config.storage.type == "consul" %} consul.service{% endif %}
+After=network-online.target{% if config.storage and config.storage.type == "consul" %} consul.service{% endif %}
 [Service]
 EnvironmentFile=-/etc/sysconfig/vault
 User={{ user }}
 Group={{ group }}
-ExecStart=/usr/local/bin/vault server {% if vault.config.dev_mode %}-dev{% else %}-config="/etc/vault.d/config.hcl"{% endif %}
+ExecStart=/usr/local/bin/vault server {% if config.dev_mode %}-dev{% else %}-config="/etc/vault.d/config.hcl"{% endif %}
 ExecReload=/bin/kill -signal HUP $MAINPID
 ExecStop=/usr/local/bin/vault operator step-down
 Restart=on-failure
diff --git a/vault/service.sls b/vault/service.sls
index 2b44ee4..a8295eb 100644
--- a/vault/service.sls
+++ b/vault/service.sls
@@ -42,7 +42,7 @@ vault-init-file:
 - context:
 user: {{ vault.user }}
 group: {{ vault.group }}
- statepath: {{ slspath }}
+ config: {{ vault.config }}
 - mode: 0644
 {%- elif salt['test.provider']('service') == 'upstart' %}
 - source: salt://{{ slspath }}/files/vault.upstart
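Review bot: The unit runs Vault as `User={{ user }}` without granting `CAP_IPC_LOCK`, so unless the binary carries file capabilities (not shown in this diff) the server cannot mlock its memory and, with `disable_mlock` absent from the config.hcl this commit renders, will refuse to start; granting the capability in the unit, and bounding the set to just that one, fixes the start-up and keeps secrets out of swap. The unit otherwise carries no hardening, which the rewrite below adds conservatively (no filesystem protection, since `config.data_dir` is not known here). Unrelated to this commit's change, `ExecReload=/bin/kill -signal HUP $MAINPID` looks wrong — `kill` takes the signal as `-s HUP` or `-HUP`, and `-signal` is not a signal name — so a `systemctl reload` most likely fails. The hunk's old side counts 13 lines against 12 visible, so a blank line between the sections was probably lost in the page's collapse, not in the commit.
```ini
[Service]
# … unchanged: EnvironmentFile, User, Group …
AmbientCapabilities=CAP_IPC_LOCK
CapabilityBoundingSet=CAP_IPC_LOCK
NoNewPrivileges=yes
PrivateTmp=yes
# … unchanged: ExecStart …
ExecReload=/bin/kill -s HUP $MAINPID
# … unchanged: ExecStop, Restart …
```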
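Review bot: The `config: {{ vault.config }}` context is added only to the branch that ends before the `{%- elif salt['test.provider']('service') == 'upstart' %}` line, which appears to be the systemd branch; if `files/vault.upstart` (outside this diff) references `vault.config` the way the old vault.service did, it is not given the new `config` key and will still fail to render. The `vault-init-file` state starts above the hunk, so whether the upstart branch passes any context at all is not visible here — worth checking before merging, and worth a one-line comment on the `- context:` block naming which template each context feeds.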