diff --git a/hooks/keystone_utils.py b/hooks/keystone_utils.py
index 2774f991..f0d54dec 100644
--- a/hooks/keystone_utils.py
+++ b/hooks/keystone_utils.py
@@ -464,6 +464,10 @@ valid_services = {
         "type": "workloads",
         "desc": "TrilioVault Workload Manager Service",
     },
+    "keystone": {
+        "type": "identity",
+        "desc": "Keystone Identity Service",
+    },
 }
 
 # The interface is said to be satisfied if anyone of the interfaces in the
@@ -1581,8 +1585,9 @@ def ensure_initial_admin(config):
                                         set_admin_passwd, tenant='admin',
                                         new_roles=[config('admin-role')])
 
-        create_service_entry("keystone", "identity",
-                             "Keystone Identity Service")
+        service_type = valid_services['keystone']['type']
+        desc = valid_services['keystone']['desc']
+        create_service_entry("keystone", service_type, desc)
 
         for region in config('region').split():
             create_keystone_endpoint(public_ip=resolve_address(PUBLIC),
@@ -1881,6 +1886,12 @@ def add_service_to_keystone(relation_id=None, remote_unit=None):
             relation_data["api_version"] = get_api_version()
             relation_data["admin_domain_id"] = leader_get(
                 attribute='admin_domain_id')
+
+            if 'service' in settings:
+                svc_name = settings['service'].partition('_')[0]
+                relation_data['service_type'] = \
+                    valid_services[svc_name]['type']
+
             # Allow the remote service to request creation of any additional
             # roles. Currently used by Horizon
             for role in requested_roles:
@@ -2012,6 +2023,12 @@ def add_service_to_keystone(relation_id=None, remote_unit=None):
             get_real_role_names(requested_roles, manager))
     }
 
+    # get service key
+    svckey = [k for k in settings if k.endswith('_service')] or ['service']
+    if svckey[0] in settings:
+        relation_data['service_type'] = \
+            valid_services[settings[svckey[0]]]['type']
+
     peer_store_and_set(relation_id=relation_id, **relation_data)
     # NOTE(dosaboy): '__null__' settings are for peer relation only so that
     # settings can flushed so we filter them out for non-peer relation.
diff --git a/unit_tests/test_keystone_utils.py b/unit_tests/test_keystone_utils.py
index 7fa82421..5ec10b99 100644
--- a/unit_tests/test_keystone_utils.py
+++ b/unit_tests/test_keystone_utils.py
@@ -409,6 +409,7 @@ class TestKeystoneUtils(CharmTestCase):
                          'auth_port': 80,
                          'auth_protocol': 'https',
                          'service_port': 81,
+                         'service_type': 'identity',
                          'internal_host': '10.10.10.10',
                          'internal_protocol': 'https',
                          'internal_port': 81,
@@ -508,6 +509,7 @@ class TestKeystoneUtils(CharmTestCase):
                          'service_domain': service_domain,
                          'service_domain_id': service_domain_id,
                          'service_tenant': 'tenant',
+                         'service_type': 'identity',
                          'https_keystone': '__null__',
                          'ssl_cert': '__null__', 'ssl_key': '__null__',
                          'ca_cert': '__null__',