diff --git a/etc/proxy-server.conf-sample b/etc/proxy-server.conf-sample
index a5f4ea1..3ffbe1a 100644
--- a/etc/proxy-server.conf-sample
+++ b/etc/proxy-server.conf-sample
@@ -57,6 +57,11 @@ use = egg:swauth#swauth
 # you're not going to use such middleware and you want a bit of extra security,
 # you can set this to false.
 #   allow_overrides = true
+# This allows swauth to PUT authentication related objects over a specific
+# storage policy instead of the default one. When this is set, all requests
+# sent by swauth will contain X-Storage-Policy header with its value set
+# to the value specified here.
+#   default_storage_policy =
 # Highly recommended to change this. If you comment this out, the Swauth
 # administration features will be disabled for this proxy.
 super_admin_key = swauthkey
diff --git a/swauth/middleware.py b/swauth/middleware.py
index ee7d74a..fffd0e2 100644
--- a/swauth/middleware.py
+++ b/swauth/middleware.py
@@ -145,6 +145,7 @@ class Swauth(object):
             conf.get('allow_overrides', 't').lower() in TRUE_VALUES
         self.agent = '%(orig)s Swauth'
         self.swift_source = 'SWTH'
+        self.default_storage_policy = conf.get('default_storage_policy', None)
 
     def make_pre_authed_request(self, env, method=None, path=None, body=None,
                                 headers=None):
@@ -159,6 +160,12 @@ class Swauth(object):
         Since we're doing this anyway, we may as well set the user
         agent too since we always do that.
         """
+        if self.default_storage_policy:
+            sp = self.default_storage_policy
+            if headers:
+                headers.update({'X-Storage-Policy': sp})
+            else:
+                headers = {'X-Storage-Policy': sp}
         subreq = swift.common.wsgi.make_pre_authed_request(
             env, method=method, path=path, body=body, headers=headers,
             agent=self.agent)
diff --git a/test_swauth/unit/test_middleware.py b/test_swauth/unit/test_middleware.py
index 5c73cda..00e6b1b 100644
--- a/test_swauth/unit/test_middleware.py
+++ b/test_swauth/unit/test_middleware.py
@@ -3888,6 +3888,14 @@ class TestAuth(unittest.TestCase):
         self.assertEquals(resp.environ['swift.authorize'],
                           self.test_auth.denied_response)
 
+    def test_default_storage_policy(self):
+        ath = auth.filter_factory({})(FakeApp())
+        self.assertEquals(ath.default_storage_policy, None)
+
+        ath = \
+            auth.filter_factory({'default_storage_policy': 'ssd'})(FakeApp())
+        self.assertEquals(ath.default_storage_policy, 'ssd')
+
 
 if __name__ == '__main__':
     unittest.main()