diff --git a/R/az_vault.R b/R/az_vault.R
index 0b8c1f1..08f3e30 100644
--- a/R/az_vault.R
+++ b/R/az_vault.R
@@ -56,7 +56,7 @@ public=list(
     },
         
     get_vault_endpoint=function(tenant=self$token$tenant, app=self$token$client$client_id,
-        password=self$token$client$client_secret, ...)
+                                password=self$token$client$client_secret, ...)
     {
         url <- self$properties$vaultUri
         vault_endpoint$new(url=url, tenant=tenant, app=app, password=password, ...)
diff --git a/R/utils.R b/R/utils.R
index e12f223..462b2bf 100644
--- a/R/utils.R
+++ b/R/utils.R
@@ -1,4 +1,14 @@
-process_headers <- function(token, host, ...)
+call_vault_url <- function(token, url, ...,
+                           http_verb=c("GET", "DELETE", "PUT", "POST", "HEAD", "PATCH"),
+                           http_status_handler=c("stop", "warn", "message", "pass"))
+{
+    headers <- process_headers(token, ...)
+    res <- httr::VERB(match.arg(http_verb), url, headers, ...)
+    process_response(res, match.arg(http_status_handler))
+}
+
+
+process_headers <- function(token, ...)
 {
     # if token has expired, renew it
     if(is_azure_token(token) && !token$validate())
@@ -8,7 +18,7 @@ process_headers <- function(token, host, ...)
     }
 
     creds <- token$credentials
-    headers <- c(Host=host, Authorization=paste(creds$token_type, creds$access_token))
+    headers <- c(Authorization=paste(creds$token_type, creds$access_token))
 
     # default content-type is json, set this if encoding not specified
     dots <- list(...)
@@ -63,3 +73,5 @@ construct_path <- function(...)
 {
     sub("/$", "", file.path(..., fsep="/"))
 }
+
+
diff --git a/R/vault_endpoint.R b/R/vault_endpoint.R
index 7465515..96b7dd6 100644
--- a/R/vault_endpoint.R
+++ b/R/vault_endpoint.R
@@ -33,13 +33,14 @@ vault_endpoint <- R6::R6Class("vault_endpoint", public=list(
 
     list_keys=function()
     {
-        self$call_endpoint("keys")
+        lst <- self$call_endpoint("keys")
+        private$get_paged_list(lst)
     },
 
     create_secret=function()
     {},
 
-    get_secret=function()
+    get_secret=function(name, version, which=NULL)
     {},
 
     delete_secret=function()
@@ -47,7 +48,8 @@ vault_endpoint <- R6::R6Class("vault_endpoint", public=list(
 
     list_secrets=function()
     {
-        self$call_endpoint("secrets")
+        lst <- self$call_endpoint("secrets")
+        private$get_paged_list(lst)
     },
 
     create_certificate=function()
@@ -61,20 +63,31 @@ vault_endpoint <- R6::R6Class("vault_endpoint", public=list(
 
     list_certificates=function()
     {
-        self$call_endpoint("certificates")
+        lst <- self$call_endpoint("certificates")
+        private$get_paged_list(lst)
     },
 
     call_endpoint=function(op="", ..., options=list(),
-                              api_version=getOption("azure_keyvault_api_version"),
-                              http_verb=c("GET", "DELETE", "PUT", "POST", "HEAD", "PATCH"),
-                              http_status_handler=c("stop", "warn", "message", "pass"))
+                           api_version=getOption("azure_keyvault_api_version"))
     {
         url <- self$url
         url$path <- op
         url$query <- utils::modifyList(list(`api-version`=api_version), options)
 
-        headers <- process_headers(self$token, self$url$hostname, ...)
-        res <- httr::VERB(match.arg(http_verb), url, headers, ...)
-        process_response(res, match.arg(http_status_handler))
+        call_vault_url(self$token, url, ...)
+    }
+),
+
+private=list(
+
+    get_paged_list=function(lst, next_link_name="nextLink", value_name="value")
+    {
+        res <- lst[[value_name]]
+        while(!is_empty(lst[[next_link_name]]))
+        {
+            lst <- call_vault_url(self$token, lst[[next_link_name]])
+            res <- c(res, lst[[value_name]])
+        }
+        res
     }
 ))