diff --git a/controllers/vaultstaticsecret_controller.go b/controllers/vaultstaticsecret_controller.go
index 7730b030..46432f06 100644
--- a/controllers/vaultstaticsecret_controller.go
+++ b/controllers/vaultstaticsecret_controller.go
@@ -8,6 +8,7 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
+	"path/filepath"
 	"strings"
 	"time"
@@ -436,6 +437,16 @@ func (r *VaultStaticSecretReconciler) streamStaticSecretEvents(ctx context.Conte
 	// status
 	r.Recorder.Eventf(o, corev1.EventTypeNormal, consts.ReasonEventWatcherStarted, "Started watching events")
+	specPathPattern := strings.Join([]string{o.Spec.Mount, o.Spec.Path}, "/")
+	if o.Spec.Type == consts.KVSecretTypeV2 {
+		specPathPattern = strings.Join([]string{o.Spec.Mount, "*", o.Spec.Path}, "/")
+	}
+
+	specNamespace := strings.Trim(o.Spec.Namespace, "/")
+	if o.Spec.Namespace == "" {
+		specNamespace = strings.Trim(wsClient.Namespace(), "/")
+	}
+
 	for {
 		select {
 		case <-ctx.Done():
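Review bot: `specPathPattern` joins `o.Spec.Mount` and `o.Spec.Path` straight into a glob pattern, so any `*`, `?`, `[` or `\` in those custom-resource fields is interpreted as a metacharacter rather than matched literally — an unbalanced `[` turns into `ErrBadPattern` at the later `Match` call, and a stray `*`/`?` widens which Vault event paths trigger a requeue. Since the values are user-supplied, either escape them before joining (backslash escaping is only honored by `path.Match`, not `filepath.Match` on Windows) or compare the event path without globbing at all. The `"*"` segment also deserves a comment stating what it is meant to absorb, e.g. `// KV v2 event paths carry an operation segment between mount and path (e.g. "data"); accept any single segment.` — I'm inferring that from the `"data"` the removed code hard-coded, so confirm against the event metadata Vault actually emits. The enclosing function starts before and ends after this hunk.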
@@ -464,15 +475,16 @@ func (r *VaultStaticSecretReconciler) streamStaticSecretEvents(ctx context.Conte
 			if modified {
 				namespace := strings.Trim(messageMap.Data.Namespace, "/")
 				path := messageMap.Data.Event.Metadata.Path
-				specPath := strings.Join([]string{o.Spec.Mount, o.Spec.Path}, "/")
-				if o.Spec.Type == consts.KVSecretTypeV2 {
-					specPath = strings.Join([]string{o.Spec.Mount, "data", o.Spec.Path}, "/")
-				}
 				logger.V(consts.LogLevelTrace).Info("modified Event received from Vault",
-					"namespace", namespace, "path", path, "spec.namespace", o.Spec.Namespace,
-					"spec path", specPath)
-				if namespace == o.Spec.Namespace && path == specPath {
+					"namespace", namespace, "path", path, "spec.namespace", specNamespace,
+					"spec.path", specPathPattern)
+
+				pathMatched, err := filepath.Match(specPathPattern, path)
+				if err != nil {
+					return fmt.Errorf("failed to match secret paht: %w", err)
+				}
+				if namespace == specNamespace && pathMatched {
 					logger.V(consts.LogLevelDebug).Info("Event matches, sending requeue",
 						"namespace", namespace, "path", path)
 					r.SourceCh <- event.GenericEvent{
diff --git a/vault/websocket.go b/vault/websocket.go
index 50f745d1..0f76a90e 100644
--- a/vault/websocket.go
+++ b/vault/websocket.go
@@ -110,3 +110,9 @@ func (w *WebsocketClient) Connect(ctx context.Context) (*websocket.Conn, error)
 	return conn, nil
 }
+
+// Namespace returns the namespace associated with the client.
+// If no namespace is set, an empty string is returned.
+func (w *WebsocketClient) Namespace() string {
+	return w.Headers.Get(api.NamespaceHeaderName)
+}
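Review bot: `filepath.Match` is the OS-path matcher, but Vault event paths are slash-separated: on Windows the separator is `\`, so there `*` matches across `/` and backslash escapes are disabled, whereas `path.Match` from the stdlib `path` package has fixed `/` semantics. The operator presumably only runs on Linux so this is mostly latent, but because both spec fields are user-supplied it is simpler and safer to drop globbing and compare path segments literally, as below — that also removes the `err` branch that currently ends the whole event watcher on a malformed pattern, and makes the `specPathPattern` built earlier in the function unnecessary. Separately, the error text has a typo: `return fmt.Errorf("failed to match secret path: %w", err)`. `strings.Cut` needs Go 1.18+, which I cannot confirm from this diff.
```go
				// … unchanged: namespace/path extraction and trace log …
				// Expect "<mount>/<path>" for KV v1 and "<mount>/<op>/<path>" for KV v2,
				// compared literally so glob metacharacters in the spec are never interpreted.
				mountPrefix := o.Spec.Mount + "/"
				pathMatched := strings.HasPrefix(path, mountPrefix)
				rest := strings.TrimPrefix(path, mountPrefix)
				if pathMatched && o.Spec.Type == consts.KVSecretTypeV2 {
					_, rest, pathMatched = strings.Cut(rest, "/")
				}
				pathMatched = pathMatched && rest == o.Spec.Path
				if namespace == specNamespace && pathMatched {
```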
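Review bot: `Namespace` returns the header value exactly as it was set on the client, so a trailing or leading `/` in the configured namespace (if `api.NamespaceHeaderName` is the Vault `X-Vault-Namespace` header, as the name suggests) comes back unnormalized; the one caller in this commit trims it, but a future caller may not, so the doc comment should say so: `// The value is returned as configured and is not normalized (a trailing "/" is kept).` The type of `w.Headers` is not visible here; if it is an `http.Header`, `Get` on a nil map is safe and the "empty string" claim in the comment holds even before any header is set.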