diff --git a/manifests/image.pp b/manifests/image.pp index f92a7ee4..01a1cb9e 100644 --- a/manifests/image.pp +++ b/manifests/image.pp @@ -132,6 +132,17 @@ class cloud::image( rbd_store_pool => $rbd_store_pool } + Ceph::Key <<| title == $glance_user |>> + if defined(Ceph::Key[$glance_user]) { + file { '/etc/ceph/ceph.client.glance.keyring': + owner => 'glance', + group => 'glance', + mode => '0400', + require => Ceph::Key[$glance_user] + } + } + Concat::Fragment <<| title == 'ceph-client-os' |>> + class { 'glance::cache::cleaner': } class { 'glance::cache::pruner': } diff --git a/manifests/storage/rbd/pools.pp b/manifests/storage/rbd/pools.pp index 11d8d739..0b44a37f 100644 --- a/manifests/storage/rbd/pools.pp +++ b/manifests/storage/rbd/pools.pp 
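Review bot: The collector `Concat::Fragment <<| title == 'ceph-client-os' |>>` at the end of the added block does not match the fragment exported in manifests/storage/rbd/pools.pp, which is titled `'ceph-clients-os'`. As written nothing is collected, so the `[client.*]` keyring section never reaches this node's ceph.conf. The same mismatched title is used by the collector in manifests/volume/storage.pp. Use `Concat::Fragment <<| title == 'ceph-clients-os' |>>` in both places, or share the title through one variable so the export and its collectors cannot drift apart. The body of cloud::image starts and ends outside the hunk.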
@@ -54,6 +54,61 @@ class cloud::storage::rbd::pools( require => Exec['create_cinder_volumes_pool']; } + concat::fragment { 'ceph-clients-os': + target => '/etc/ceph/ceph.conf', + order => '95', + content => template('cloud/storage/ceph/ceph-client.conf.erb') + } + + if $::ceph_keyring_glance { + # NOTE(fc): Puppet needs to run a second time to enter this + ceph::key { $glance_user: + secret => $::ceph_keyring_glance, + keyring_path => "/etc/ceph/ceph.client.${glance_user}.keyring" + } -> + file { '/etc/ceph/ceph.client.glance.keyring': + owner => 'glance', + group => 'glance', + mode => '0400' + } + } + + if $::ceph_keyring_cinder { + # NOTE(fc): Puppet needs to run a second time to enter this + ceph::key { $cinder_user: + secret => $::ceph_keyring_cinder, + keyring_path => "/etc/ceph/ceph.client.${cinder_user}.keyring" + } -> + file { '/etc/ceph/ceph.client.cinder.keyring': + owner => 'cinder', + group => 'cinder', + mode => '0400' + } + } + + $clients = ['glance', 'cinder'] + @@concat::fragment { 'ceph-clients-os': + target => '/etc/ceph/ceph.conf', + order => '95', + content => template('cloud/storage/ceph/ceph-client.conf.erb') + } + + if $::ceph_keyring_glance { + # NOTE(fc): Puppet needs to run a second time to enter this + @@ceph::key { $glance_user: + secret => $::ceph_keyring_glance, + keyring_path => "/etc/ceph/ceph.client.${glance_user}.keyring" + } + } + + if $::ceph_keyring_cinder { + # NOTE(fc): Puppet needs to run a second time to enter this + @@ceph::key { $cinder_user: + secret => $::ceph_keyring_cinder, + keyring_path => "/etc/ceph/ceph.client.${cinder_user}.keyring" + } + } + #exec { "create cinder backup pool": #TODO: point PG num with a cluster variable + keyring # command => "/usr/bin/ceph osd pool create ${::cinder_backup_pool} 128 128", diff --git a/manifests/volume/storage.pp b/manifests/volume/storage.pp index 62d3f613..4ad936ae 100644 --- a/manifests/volume/storage.pp +++ b/manifests/volume/storage.pp 
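Review bot: The exported `@@ceph::key` resources pass `secret => $::ceph_keyring_glance` and `secret => $::ceph_keyring_cinder` as plain parameters, so the Ceph client keys are written to the exported-resource store (PuppetDB or storeconfigs). Any node whose catalog contains a matching `Ceph::Key <<| ... |>>` collector then receives them, and because the values are facts they are presumably kept with the node's fact data as well. Document that above the exports, for example `# SECURITY: exports the cephx secret; every node that collects Ceph::Key holds this key, keep the exported-resource store access-restricted`, and consider tagging the exports so collectors filter on more than the title. Separately, the hunk declares `concat::fragment { 'ceph-clients-os': }` and `ceph::key { $glance_user: }` / `ceph::key { $cinder_user: }` both locally and as `@@` exports under the same titles, which likely fails compilation with a duplicate declaration. Also, `$clients` is assigned only after the first `template()` call. The class body continues outside the hunk.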
@@ -34,4 +34,15 @@ class cloud::volume::storage( rbd_secret_uuid => $cinder_rbd_secret_uuid } + Ceph::Key <<| title == $cinder_user |>> + if defined(Ceph::Key[$cinder_user]) { + file { '/etc/ceph/ceph.client.cinder.keyring': + owner => 'cinder', + group => 'cinder', + mode => '0400', + require => Ceph::Key[$cinder_user] + } + } + Concat::Fragment <<| title == 'ceph-client-os' |>> + } diff --git a/templates/storage/ceph/ceph-client.conf.erb b/templates/storage/ceph/ceph-client.conf.erb new file mode 100644 index 00000000..40c34408 --- /dev/null +++ b/templates/storage/ceph/ceph-client.conf.erb @@ -0,0 +1,8 @@ +<% if @clients %> +<% @clients.each do |client| %> + +[client.<%= @client %>] + keyring = /etc/ceph/ceph.client.<%= @client %>.keyring + +<% end %> +<% end %>
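Review bot: The `if defined(Ceph::Key[$cinder_user])` guard depends on evaluation order, and the collector on the line above it is likely realized only after this class body has been evaluated. On a node that does not declare the key locally the guard is then probably false, so the `file` resource that sets `cinder:cinder` and `0400` on the keyring is never added and the keyring keeps whatever owner and mode ceph::key gives it (not visible here). The manifests/image.pp hunk uses the identical pattern for glance. Declare the file unconditionally and order it from the collector instead, `Ceph::Key <<| title == $cinder_user |>> -> File["/etc/ceph/ceph.client.${cinder_user}.keyring"]`. Building the path from `$cinder_user` also keeps it equal to the exported `keyring_path` when the user is not literally `cinder`.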
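Review bot: Inside the `@clients.each do |client|` loop the template interpolates `<%= @client %>`, which is the scope variable `$client`, not the block variable `client`. Unless a `$client` happens to be set in the calling class, every iteration renders `[client.]` with `keyring = /etc/ceph/ceph.client..keyring`, so the per-service keyring path is never configured. Both lines should use the block variable: `[client.<%= client %>]` and `keyring = /etc/ceph/ceph.client.<%= client %>.keyring`. Closing the control tags with `-%>` would also avoid the stray blank lines in the generated ceph.conf.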