diff --git a/doc/source/configuration/block-storage/drivers/ceph-rbd-volume-driver.rst b/doc/source/configuration/block-storage/drivers/ceph-rbd-volume-driver.rst
index 78c564b9ab9..5b2acf57abf 100644
--- a/doc/source/configuration/block-storage/drivers/ceph-rbd-volume-driver.rst
+++ b/doc/source/configuration/block-storage/drivers/ceph-rbd-volume-driver.rst
@@ -87,6 +87,15 @@ Driver options
 The following table contains the configuration options supported by the
 Ceph RADOS Block Device driver.
 
+.. warning::
+   Due to security concerns, it is recommended deployers do not use the
+   ``rbd_keyring_conf`` option. This configuration option has been deprecated
+   and will be removed in the Victoria release.
+
+   For more information, see `OSSN-0085 Cinder configuration option can leak
+   secret key from Ceph backend.
+   <https://opendev.org/openstack/security-doc/src/branch/master/security-notes/OSSN-0085>`_
+
 .. config-table::
    :config-target: Ceph storage
 
diff --git a/releasenotes/notes/deprecate-rbd_keyring_conf-432efbcd47e52c8a.yaml b/releasenotes/notes/deprecate-rbd_keyring_conf-432efbcd47e52c8a.yaml
new file mode 100644
index 00000000000..74388a17a62
--- /dev/null
+++ b/releasenotes/notes/deprecate-rbd_keyring_conf-432efbcd47e52c8a.yaml
@@ -0,0 +1,9 @@
+---
+security:
+  - |
+    Due to `OSSN-0085
+    <https://wiki.openstack.org/wiki/OSSN/OSSN-0085>`_:
+    Cinder configuration option can leak secret key from Ceph backend,
+    deployers using the ``rbd_keyring_conf`` option are advised to stop
+    using it immediately.  The option has been deprecated for removal
+    as of Ussuri and will be removed in the Victoria development cycle.