diff --git a/manifests/compute/hypervisor.pp b/manifests/compute/hypervisor.pp
index 1253855e..621a21be 100644
--- a/manifests/compute/hypervisor.pp
+++ b/manifests/compute/hypervisor.pp
@@ -180,9 +180,6 @@ Host *
     Exec <<| tag == 'get_or_set_virsh_secret' |>>
     Exec <<| tag == 'set_secret_value_virsh' |>>
 
-    # Configure Ceph keyring
-    Ceph::Key <<| title == $cinder_rbd_user |>>
-
     # If Cinder & Nova reside on the same node, we need a group
     # where nova & cinder users have read permissions.
     ensure_resource('group', 'cephkeyring', {
@@ -195,13 +192,20 @@ Host *
       'unless'  => 'groups nova | grep cephkeyring'
     })
 
-    ensure_resource('file', "/etc/ceph/ceph.client.${cinder_rbd_user}.keyring", {
-      owner   => 'root',
-      group   => 'cephkeyring',
-      mode    => '0440',
-      require => Ceph::Key[$cinder_rbd_user],
-      notify  => Service['nova-compute'],
-    })
+    # Configure Ceph keyring
+    Ceph::Key <<| title == $cinder_rbd_user |>>
+    if defined(Ceph::Key[$cinder_rbd_user]) {
+      ensure_resource(
+        'file',
+        "/etc/ceph/ceph.client.${cinder_rbd_user}.keyring", {
+          owner   => 'root',
+          group   => 'cephkeyring',
+          mode    => '0440',
+          require => Ceph::Key[$cinder_rbd_user],
+          notify  => Service['nova-compute'],
+        }
+      )
+    }
 
     Concat::Fragment <<| title == 'ceph-client-os' |>>
   } else {
diff --git a/manifests/image/api.pp b/manifests/image/api.pp
index 22e45f22..4ea20c3c 100644
--- a/manifests/image/api.pp
+++ b/manifests/image/api.pp
@@ -157,7 +157,7 @@ class cloud::image::api(
       rbd_store_pool => $glance_rbd_pool
     }
 
-    Ceph::Key <<| title == $glance_rbd_user |>>
+    Ceph::Key <<| title == $glance_rbd_user |>> ->
     file { '/etc/ceph/ceph.client.glance.keyring':
       owner   => 'glance',
       group   => 'glance',
diff --git a/manifests/volume/backend/rbd.pp b/manifests/volume/backend/rbd.pp
index 6a5c6a71..04392b06 100644
--- a/manifests/volume/backend/rbd.pp
+++ b/manifests/volume/backend/rbd.pp
@@ -71,9 +71,6 @@ define cloud::volume::backend::rbd (
     volume_tmp_dir                   => '/tmp'
   }
 
-  # Configure Ceph keyring
-  Ceph::Key <<| title == $rbd_user |>>
-
   # If Cinder & Nova reside on the same node, we need a group
   # where nova & cinder users have read permissions.
   ensure_resource('group', 'cephkeyring', {
@@ -86,12 +83,16 @@ define cloud::volume::backend::rbd (
     'unless'  => 'groups cinder | grep cephkeyring'
   })
 
-  ensure_resource('file', "/etc/ceph/ceph.client.${rbd_user}.keyring", {
-    owner   => 'root',
-    group   => 'cephkeyring',
-    mode    => '0440',
-    require => Ceph::Key[$rbd_user],
-  })
+  # Configure Ceph keyring
+  Ceph::Key <<| title == $rbd_user |>>
+  if defined(Ceph::Key[$rbd_user]) {
+    ensure_resource('file', "/etc/ceph/ceph.client.${rbd_user}.keyring", {
+      owner   => 'root',
+      group   => 'cephkeyring',
+      mode    => '0440',
+      require => Ceph::Key[$rbd_user],
+      })
+  }
 
   Concat::Fragment <<| title == 'ceph-client-os' |>>