diff --git a/castellan/key_manager/vault_key_manager.py b/castellan/key_manager/vault_key_manager.py
index 1eb38360..ec198258 100644
--- a/castellan/key_manager/vault_key_manager.py
+++ b/castellan/key_manager/vault_key_manager.py
@@ -298,13 +298,18 @@ class VaultKeyManager(key_manager.KeyManager):
             msg = _("User is not authorized to use key manager.")
             raise exception.Forbidden(msg)
 
+        if length % 8:
+            msg = _("Length must be multiple of 8.")
+            raise ValueError(msg)
+
         key_id = uuid.uuid4().hex
-        key_value = os.urandom(length or 32)
+        key_value = os.urandom((length or 256) // 8)
         key = sym_key.SymmetricKey(algorithm,
-                                   length or 32,
+                                   length or 256,
                                    key_value,
                                    key_id,
                                    name or int(time.time()))
+
         return self._store_key_value(key_id, key)
 
     def store(self, context, key_value, **kwargs):
diff --git a/releasenotes/notes/fix-vault-create-key-b4340a3067cbd93c.yaml b/releasenotes/notes/fix-vault-create-key-b4340a3067cbd93c.yaml
new file mode 100644
index 00000000..246ac26e
--- /dev/null
+++ b/releasenotes/notes/fix-vault-create-key-b4340a3067cbd93c.yaml
@@ -0,0 +1,10 @@
+---
+fixes:
+  - |
+    Fixed VaultKeyManager.create_key() to consider the `length` param as bits
+    instead of bytes for the key length. This was causing a discrepancy between
+    keys generated by the HashiCorp Vault backend and the OpenStack Barbican
+    backend. Considering `km` as an instance of a key manager, the following
+    code `km.create_key(ctx, "AES", 256)` was generating a 256 bit AES key when
+    Barbican is configured as the backend, but generating a 2048 bit AES key
+    when Vault was configured as the backend.