diff --git a/.coveragerc b/.coveragerc
index 321330e2a..f7d3307ab 100644
--- a/.coveragerc
+++ b/.coveragerc
@@ -1,6 +1,6 @@
 [run]
 branch = True
-omit = etc/*,setup.py,*egg*,.tox/*,barbican/tests/*,*barbican/openstack/*
+omit = etc/*,setup.py,*egg*,.tox/*,barbican/tests/*,*barbican/openstack/*,*barbican/functionaltests/*,*barbican/contrib/*
 
 [report]
 ignore_errors = True
diff --git a/barbican/contrib/devstack/extras.d/70-barbican.sh b/barbican/contrib/devstack/extras.d/70-barbican.sh
new file mode 100755
index 000000000..e0d531835
--- /dev/null
+++ b/barbican/contrib/devstack/extras.d/70-barbican.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+# DevStack extras script to install Barbican
+
+if is_service_enabled barbican; then
+    if [[ "$1" == "source" ]]; then
+        # Initial source
+        source $TOP_DIR/lib/barbican
+    elif [[ "$1" == "stack" && "$2" == "install" ]]; then
+        echo_summary "Installing Barbican"
+        install_barbicanclient
+        install_barbican
+    elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
+        echo_summary "Configuring Barbican"
+        configure_barbican
+        configure_barbicanclient
+
+        if is_service_enabled key; then
+            create_barbican_accounts
+        fi
+
+    elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
+        echo_summary "Initializing Barbican"
+        init_barbican
+        start_barbican
+    fi
+
+    if [[ "$1" == "unstack" ]]; then
+        stop_barbican
+    fi
+fi
\ No newline at end of file
diff --git a/barbican/contrib/devstack/lib/barbican b/barbican/contrib/devstack/lib/barbican
new file mode 100755
index 000000000..cf7de2ded
--- /dev/null
+++ b/barbican/contrib/devstack/lib/barbican
@@ -0,0 +1,193 @@
+# lib/barbican
+# Install and start **Barbican** service
+
+# To enable a minimal set of Barbican features, add the following to localrc:
+#   enable_service barbican
+#
+# Dependencies:
+# - functions
+# - OS_AUTH_URL for auth in api
+# - DEST set to the destination directory
+# - SERVICE_PASSWORD, SERVICE_TENANT_NAME for auth in api
+# - STACK_USER service user
+
+# stack.sh
+# ---------
+# install_barbican
+# configure_barbican
+# init_barbican
+# start_barbican
+# stop_barbican
+# cleanup_barbican
+
+# Save trace setting
+XTRACE=$(set +o | grep xtrace)
+set +o xtrace
+
+
+# Defaults
+# --------
+
+# Set up default directories
+BARBICAN_DIR=$DEST/barbican
+BARBICANCLIENT_DIR=$DEST/python-barbicanclient
+BARBICAN_CONF_DIR=${BARBICAN_CONF_DIR:-/etc/barbican}
+BARBICAN_CONF=$BARBICAN_CONF_DIR/barbican-api.conf
+BARBICAN_PASTE_CONF=$BARBICAN_CONF_DIR/barbican-api-paste.ini
+BARBICAN_API_LOG_DIR=$DEST/logs
+BARBICAN_AUTH_CACHE_DIR=${BARBICAN_AUTH_CACHE_DIR:-/var/cache/barbican}
+
+# Support potential entry-points console scripts
+BARBICAN_BIN_DIR=$(get_python_exec_prefix)
+
+# Set Barbican repository
+BARBICAN_REPO=${BARBICAN_REPO:-${GIT_BASE}/stackforge/barbican.git}
+BARBICAN_BRANCH=${BARBICAN_BRANCH:-master}
+
+# Set client library repository
+BARBICANCLIENT_REPO=${BARBICANCLIENT_REPO:-${GIT_BASE}/stackforge/python-barbicanclient.git}
+BARBICANCLIENT_BRANCH=${BARBICANCLIENT_BRANCH:-master}
+
+# Tell Tempest this project is present
+TEMPEST_SERVICES+=,barbican
+
+
+# Functions
+# ---------
+
+# cleanup_barbican() - Remove residual data files, anything left over from previous
+# runs that a clean run would need to clean up
+function cleanup_barbican() {
+    :
+}
+
+# configure_barbicanclient() - Set config files, create data dirs, etc
+function configure_barbicanclient() {
+    setup_develop $BARBICANCLIENT_DIR
+}
+
+# configure_barbican() - Set config files, create data dirs, etc
+function configure_barbican() {
+    setup_develop $BARBICAN_DIR
+
+    [ ! -d $BARBICAN_CONF_DIR ] && sudo mkdir -m 755 -p $BARBICAN_CONF_DIR
+    sudo chown $USER $BARBICAN_CONF_DIR
+
+    [ ! -d $BARBICAN_API_LOG_DIR ] &&  sudo mkdir -m 755 -p $BARBICAN_API_LOG_DIR
+    sudo chown $USER $BARBICAN_API_LOG_DIR
+
+    [ ! -d $BARBICAN_CONF_DIR ] && sudo mkdir -m 755 -p $BARBICAN_CONF_DIR
+    sudo chown $USER $BARBICAN_CONF_DIR
+
+    # Copy the barbican config files to the config dir
+    cp $BARBICAN_DIR/etc/barbican/barbican-api.conf $BARBICAN_CONF_DIR
+    cp $BARBICAN_DIR/etc/barbican/barbican-api-paste.ini $BARBICAN_CONF_DIR
+    cp $BARBICAN_DIR/etc/barbican/barbican-admin-paste.ini $BARBICAN_CONF_DIR
+    cp -R $BARBICAN_DIR/etc/barbican/vassals $BARBICAN_CONF_DIR
+
+    # Set the logging to INFO
+    iniset $BARBICAN_CONF DEFAULT verbose True
+
+    # Do not set to DEBUG
+    iniset $BARBICAN_CONF DEFAULT debug False
+
+    # Set the log file location
+    initset $BARBICAN_CONF DEFAULT log_file "$BARBICAN_API_LOG_DIR/api.log"
+
+    # Install the policy file for the API server
+    cp $BARBICAN_DIR/etc/barbican/policy.json $BARBICAN_CONF_DIR
+    iniset $BARBICAN_CONF DEFAULT policy_file $BARBICAN_CONF_DIR/policy.json
+
+    # Set the database connection url
+    iniset $BARBICAN_CONF DEFAULT sql_connection `database_connection_url barbican`
+
+    # Rabbit settings
+    if is_service_enabled rabbit; then
+        iniset $BARBICAN_CONF 'secrets' broker rabbit://guest:$RABBIT_PASSWORD@$RABBIT_HOST
+    else
+        echo_summary "Barbican requires that the RabbitMQ service is enabled"
+    fi
+
+    ## Set up keystone
+
+    # Turn on the middleware
+    iniset $BARBICAN_PASTE_CONF 'pipeline:main' pipeline 'keystone_authtoken context apiapp'
+
+    # Set the keystone parameters
+    iniset $BARBICAN_PASTE_CONF 'filter:keystone_authtoken' auth_protocol $KEYSTONE_AUTH_PROTOCOL
+    iniset $BARBICAN_PASTE_CONF 'filter:keystone_authtoken' auth_host $KEYSTONE_AUTH_HOST
+    iniset $BARBICAN_PASTE_CONF 'filter:keystone_authtoken' auth_port $KEYSTONE_AUTH_PORT
+    iniset $BARBICAN_PASTE_CONF 'filter:keystone_authtoken' admin_user barbican
+    iniset $BARBICAN_PASTE_CONF 'filter:keystone_authtoken' admin_password $SERVICE_PASSWORD
+    iniset $BARBICAN_PASTE_CONF 'filter:keystone_authtoken' admin_tenant_name $SERVICE_TENANT_NAME
+    iniset $BARBICAN_PASTE_CONF 'filter:keystone_authtoken' signing_dir $BARBICAN_AUTH_CACHE_DIR
+}
+
+# init_barbican() - Initialize etc.
+function init_barbican() {
+    # Create cache dir
+    sudo mkdir -p $BARBICAN_AUTH_CACHE_DIR
+    sudo chown $STACK_USER $BARBICAN_AUTH_CACHE_DIR
+    rm -f $BARBICAN_AUTH_CACHE_DIR/*
+
+    recreate_database barbican utf8
+}
+
+# install_barbican() - Collect source and prepare
+function install_barbican() {
+    git_clone $BARBICAN_REPO $BARBICAN_DIR $BARBICAN_BRANCH
+    setup_develop $BARBICAN_DIR
+    pip_install 'uwsgi'
+}
+
+# install_barbicanclient() - Collect source and prepare
+function install_barbicanclient() {
+    git_clone $BARBICANCLIENT_REPO $BARBICANCLIENT_DIR $BARBICANCLIENT_BRANCH
+    setup_develop $BARBICANCLIENT_DIR
+}
+
+# start_barbican() - Start running processes, including screen
+function start_barbican() {
+    screen_it barbican "uwsgi --master --emperor $BARBICAN_CONF_DIR/vassals --logto $BARBICAN_API_LOG_DIR/api.log"
+}
+
+# stop_barbican() - Stop running processes
+function stop_barbican() {
+    screen_stop barbican
+}
+
+function create_barbican_accounts() {
+    SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
+    ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }")
+
+    BARBICAN_USER=$(keystone user-create --name=barbican \
+                                                --pass="$SERVICE_PASSWORD" \
+                                                --tenant-id $SERVICE_TENANT \
+                                                --email=barbican@example.com \
+                                                | grep " id " | get_field 2)
+    keystone user-role-add --tenant-id $SERVICE_TENANT \
+                            --user-id $BARBICAN_USER \
+                            --role-id $ADMIN_ROLE
+    if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
+        BARBICAN_SERVICE=$(keystone service-create \
+            --name=barbican \
+            --type=keystore \
+            --description="Barbican Service" \
+            | grep " id " | get_field 2)
+        keystone endpoint-create \
+            --region RegionOne \
+            --service_id $BARBICAN_SERVICE \
+            --publicurl "http://$SERVICE_HOST:9311" \
+            --adminurl "http://$SERVICE_HOST:9312" \
+            --internalurl "http://$SERVICE_HOST:9311"
+    fi
+
+}
+
+
+# Restore xtrace
+$XTRACE
+
+# Local variables:
+# mode: shell-script
+# End:
diff --git a/barbican/functionaltests/__init__.py b/barbican/functionaltests/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/barbican/functionaltests/post_test_hook.sh b/barbican/functionaltests/post_test_hook.sh
new file mode 100755
index 000000000..db5fe763a
--- /dev/null
+++ b/barbican/functionaltests/post_test_hook.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# This script is executed inside post_test_hook function in devstack gate.
+
+# Install packages from test-requirements.txt
+sudo pip install -r /opt/stack/new/barbican/test-requirements.txt
+
+cd /opt/stack/new/barbican/functionaltests
+sudo ./run_tests.sh
diff --git a/barbican/functionaltests/pre_test_hook.sh b/barbican/functionaltests/pre_test_hook.sh
new file mode 100755
index 000000000..8f31d8b0a
--- /dev/null
+++ b/barbican/functionaltests/pre_test_hook.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# This script is executed inside pre_test_hook function in desvstack gate.
+
+# Install barbican devstack integration
+BARBICAN_BASE=/opt/stack/new/barbican/contrib/devstack
+DEVSTACK_BASE=/opt/stack/new/devstack
+cp BARBICAN_BASE/lib/* $DEVSTACK_BASE/lib
+cp BARBICAN_BASE/extras.d/* $DEVSTACK_BASE/extras.d
diff --git a/barbican/functionaltests/run_tests.sh b/barbican/functionaltests/run_tests.sh
new file mode 100755
index 000000000..808e3c3d4
--- /dev/null
+++ b/barbican/functionaltests/run_tests.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# How many seconds to wait for the API to be responding before giving up
+API_RESPONDING_TIMEOUT=20
+
+if ! timeout ${API_RESPONDING_TIMEOUT} sh -c "while ! curl -s -o /dev/null http://127.0.0.1:9311/ ; do sleep 1; done"; then
+    echo "API failed to respond within ${API_RESPONDING_TIMEOUT} seconds"
+    exit 1
+fi
+
+# Where tempest code lives
+TEMPEST_DIR=${TEMPEST_DIR:-/opt/stack/new/tempest}
+
+# Add tempest source tree to PYTHONPATH
+export PYTHONPATH=$PYTHONPATH:$TEMPEST_DIR
+
+nosetests -v .