diff --git a/pkg/vault/manager.go b/pkg/vault/manager.go
index e780efe..57f8503 100644
--- a/pkg/vault/manager.go
+++ b/pkg/vault/manager.go
@@ -154,7 +154,10 @@ func (m *DefaultManager) Save() error {
 
 func (m *DefaultManager) renewSecret(leaseID string) error {
 	secret, err := m.client.Sys().Renew(leaseID, int(m.lease.Seconds()))
-	if err != nil {
+	if err != nil || secret == nil {
+		if err == nil {
+			err = fmt.Errorf("secret is nil")
+		}
 		log.Errorf("error renewing lease: %s", err)
 		fatalError := checkFatalError(err)
 		if fatalError != nil {
@@ -189,7 +192,10 @@ func (m *DefaultManager) renewCertificate() error {
 
 func renewAuth(client *api.Client, renew int) error {
 	secret, err := client.Auth().Token().RenewSelf(renew)
-	if err != nil {
+	if err != nil || secret == nil {
+		if err == nil {
+			err = fmt.Errorf("secret is nil")
+		}
 		log.Errorf("error renewing token: %s", err)
 		fatalError := checkFatalError(err)
 		if fatalError != nil {
diff --git a/pkg/vault/providers.go b/pkg/vault/providers.go
index b500790..0cf99e4 100644
--- a/pkg/vault/providers.go
+++ b/pkg/vault/providers.go
@@ -49,7 +49,10 @@ func (c *VaultSecretsProvider) newCertificate() (*Certificate, error) {
 	}
 
 	secret, err := c.client.Logical().Write(c.path, params)
-	if err != nil {
+	if err != nil || secret == nil {
+		if err == nil {
+			return nil, fmt.Errorf("secret is nil")
+		}
 		return nil, err
 	}
 
@@ -73,7 +76,10 @@ func (c *VaultSecretsProvider) newCertificate() (*Certificate, error) {
 
 func (c *VaultSecretsProvider) newCredentials() (*Credentials, error) {
 	secret, err := c.client.Logical().Read(c.path)
-	if err != nil {
+	if err != nil || secret == nil {
+		if err == nil {
+			return nil, fmt.Errorf("secret is nil")
+		}
 		return nil, err
 	}