diff --git a/CHANGELOG.md b/CHANGELOG.md
index d897d6e..4bb04a3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,7 @@ This file is used to list changes made in each version of the openstack-block-st
 ## 10.0.1
 # Update cinder.conf mode from 0644 to 0640
 * Add attribute for ibmnas_platform_type
+* Allow cafile, insecure, memcached_servers, memcache_security_strategy, memcache_secret_key and hash_algorithms to be configurable
 ## 10.0.0
 * Upgrading to Juno
diff --git a/README.md b/README.md
index 5dd4eb8..48b91c4 100644
--- a/README.md
+++ b/README.md
@@ -48,9 +48,14 @@ Attributes
 * `openstack["block-storage"]["db"]["username"]` - cinder username for database
 * `openstack["block-storage"]["volume_name_template"]` - Template string to be used to generate volume names
-* `openstack["block-storage"]["snapshot_name_template"]` - Template string to be used to generate snapshot names
-* `openstack['block-storage']['api']['auth']['version']` - Select v2.0 or v3.0. Default v2.0 inherited from common cookbook. The default auth API version used to interact with identity service.
-
+* `openstack["block-storage"]["snapshot_name_template"]` - Template string to be used to generate snapshot names
+* `openstack['block-storage']['api']['auth']['version']` - Select v2.0 or v3.0. Default v2.0 inherited from common cookbook. The default auth API version used to interact with identity service
+* `openstack['block-storage']['api']['auth']['memcached_servers']` - A list of memcached server(s) to use for caching
+* `openstack['block-storage']['api']['auth']['memcache_security_strategy']` - Whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT
+* `openstack['block-storage']['api']['auth']['memcache_secret_key']` - This string is used for key derivation
+* `openstack['block-storage']['api']['auth']['hash_algorithms']` - Hash algorithms to use for hashing PKI tokens
+* `openstack['block-storage']['api']['auth']['cafile']` - A PEM encoded Certificate Authority to use when verifying HTTPs connections
+* `openstack['block-storage']['api']['auth']['insecure']` - Set whether to verify HTTPS connections
 MQ attributes
 -------------
 * `openstack["block-storage"]["mq"]["service_type"]` - Select qpid or rabbitmq. default rabbitmq
diff --git a/attributes/default.rb b/attributes/default.rb
index bc58b6d..f4541f8 100644
--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -71,6 +71,24 @@ default['openstack']['block-storage']['api']['auth']['cache_dir'] = '/var/cache/
 default['openstack']['block-storage']['api']['auth']['version'] = node['openstack']['api']['auth']['version']
+# A list of memcached server(s) to use for caching
+default['openstack']['block-storage']['api']['auth']['memcached_servers'] = nil
+
+# Whether token data should be authenticated or authenticated and encrypted. Acceptable values are MAC or ENCRYPT
+default['openstack']['block-storage']['api']['auth']['memcache_security_strategy'] = nil
+
+# This string is used for key derivation
+default['openstack']['block-storage']['api']['auth']['memcache_secret_key'] = nil
+
+# Hash algorithms to use for hashing PKI tokens
+default['openstack']['block-storage']['api']['auth']['hash_algorithms'] = 'md5'
+
+# A PEM encoded Certificate Authority to use when verifying HTTPs connections
+default['openstack']['block-storage']['api']['auth']['cafile'] = nil
+
+# Verify HTTPS connections
+default['openstack']['block-storage']['api']['auth']['insecure'] = false
+
 # Maximum allocatable gigabytes
 # Should equal total backend storage, default is 10TB
 default['openstack']['block-storage']['max_gigabytes'] = '10000'
diff --git a/spec/cinder_common_spec.rb b/spec/cinder_common_spec.rb
index a4f6d6f..4fb4742 100644
--- a/spec/cinder_common_spec.rb
+++ b/spec/cinder_common_spec.rb
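Review bot: The comment above `default['openstack']['block-storage']['api']['auth']['insecure'] = false` reads `# Verify HTTPS connections`, which describes the opposite of what a true value does; since this attribute turns off certificate verification on the connection to the identity service, suggest `# Skip TLS certificate verification of the identity endpoint when true (default false: verify)` so an operator reading only the attributes file is not misled, and the README entry in this commit carries the same ambiguous wording. A second point: `memcache_secret_key` is key-derivation material for the cached token data, and as a plain default attribute it will be saved with the node object like any other attribute; a comment stating that it should be supplied from the deployment's secret store rather than left in a wrapper cookbook's attributes file would help, with the exact mechanism depending on what the common cookbook already offers.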
@@ -75,13 +75,69 @@ describe 'openstack-block-storage::cinder-common' do
 expect(sprintf('%o', file.mode)).to eq '640'
 end
-context 'template keystone contents' do
+context 'keystone authtoken attributes with default values' do
+it 'sets memcached server(s)' do
+expect(chef_run).not_to render_file(file.name).with_content(/^memcached_servers = $/)
+end
+
+it 'sets memcache security strategy' do
+expect(chef_run).not_to render_file(file.name).with_content(/^memcache_security_strategy = $/)
+end
+
+it 'sets memcache secret key' do
+expect(chef_run).not_to render_file(file.name).with_content(/^memcache_secret_key = $/)
+end
+
+it 'sets cafile' do
+expect(chef_run).not_to render_file(file.name).with_content(/^cafile = $/)
+end
+
+it 'sets insecure' do
+expect(chef_run).to render_file(file.name).with_content(/^insecure = false$/)
+end
+
+it 'sets token hash algorithms' do
+expect(chef_run).to render_file(file.name).with_content(/^hash_algorithms = md5$/)
+end
+end
+
+context 'keystone authtoken attributes' do
 it 'has signing_dir' do
 node.set['openstack']['block-storage']['api']['auth']['cache_dir'] = 'auth_cache_dir'
 expect(chef_run).to render_file(file.name).with_content(/^signing_dir = auth_cache_dir$/)
 end
+it 'sets memcached server(s)' do
+node.set['openstack']['block-storage']['api']['auth']['memcached_servers'] = 'localhost:11211'
+expect(chef_run).to render_file(file.name).with_content(/^memcached_servers = localhost:11211$/)
+end
+
+it 'sets memcache security strategy' do
+node.set['openstack']['block-storage']['api']['auth']['memcache_security_strategy'] = 'MAC'
+expect(chef_run).to render_file(file.name).with_content(/^memcache_security_strategy = MAC$/)
+end
+
+it 'sets memcache secret key' do
+node.set['openstack']['block-storage']['api']['auth']['memcache_secret_key'] = '0123456789ABCDEF'
+expect(chef_run).to render_file(file.name).with_content(/^memcache_secret_key = 0123456789ABCDEF$/)
+end
+
+it 'sets cafile' do
+node.set['openstack']['block-storage']['api']['auth']['cafile'] = 'dir/to/path'
+expect(chef_run).to render_file(file.name).with_content(%r{^cafile = dir/to/path$})
+end
+
+it 'sets insecure' do
+node.set['openstack']['block-storage']['api']['auth']['insecure'] = true
+expect(chef_run).to render_file(file.name).with_content(/^insecure = true$/)
+end
+
+it 'sets token hash algorithms' do
+node.set['openstack']['block-storage']['api']['auth']['hash_algorithms'] = 'sha2'
+expect(chef_run).to render_file(file.name).with_content(/^hash_algorithms = sha2$/)
+end
+
+
 context 'endpoint related' do
 it 'has auth_uri' do
diff --git a/templates/default/cinder.conf.erb b/templates/default/cinder.conf.erb
index 1748432..7b2a8e8 100644
--- a/templates/default/cinder.conf.erb
+++ b/templates/default/cinder.conf.erb
@@ -1095,9 +1095,13 @@ admin_tenant_name = <%= node["openstack"]["block-storage"]["service_tenant_name"
 # A PEM encoded Certificate Authority to use when verifying
 # HTTPs connections. Defaults to system CAs. (string value)
 #cafile=
+<% if node['openstack']['block-storage']['api']['auth']['cafile'] %>
+cafile = <%= node['openstack']['block-storage']['api']['auth']['cafile'] %>
+<% end %>
 # Verify HTTPS connections. (boolean value)
 #insecure=false
+insecure = <%= node['openstack']['block-storage']['api']['auth']['insecure'] %>
 # Directory used to cache files related to PKI tokens (string
 # value)
@@ -1108,6 +1112,9 @@ signing_dir = <%= node["openstack"]["block-storage"]["api"]["auth"]["cache_dir"]
 # in-process. (list value)
 # Deprecated group/name - [DEFAULT]/memcache_servers
 #memcached_servers=
+<% if node['openstack']['block-storage']['api']['auth']['memcached_servers'] %>
+memcached_servers = <%= node['openstack']['block-storage']['api']['auth']['memcached_servers'] %>
+<% end %>
 # In order to prevent excessive effort spent validating
 # tokens, the middleware caches previously-seen tokens for a
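Review bot: The negative assertions in the 'keystone authtoken attributes with default values' context only prove that a line with an empty value is absent, e.g. `/^memcached_servers = $/`, so a template that rendered `memcached_servers = ` followed by any other text (an Array's `to_s`, a stray default) would still pass; dropping the trailing `$` makes any rendered value fail: `expect(chef_run).not_to render_file(file.name).with_content(/^memcached_servers = /)`, and the same for memcache_security_strategy, memcache_secret_key and cafile. The example names in that context ('sets memcached server(s)' and so on) also state the opposite of what they assert; 'does not render memcached_servers when unset' would read correctly and keep the two contexts distinguishable in a failure report. The enclosing describe block starts before this hunk.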
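Review bot: `memcached_servers` is rendered with a bare `<%= node[...] %>` although the option is a list value (the sample text above it says so, and the README entry in this commit calls it "a list of memcached server(s)"); an operator who sets the attribute to a Ruby Array gets its inspect form, `["host1:11211", "host2:11211"]`, in cinder.conf instead of the comma-separated list the middleware parses. Rendering it as `memcached_servers = <%= Array(node['openstack']['block-storage']['api']['auth']['memcached_servers']).join(',') %>` accepts both a String and an Array and leaves the spec's `localhost:11211` case unchanged. The `hash_algorithms` line added in the @@ -1169 hunk is also a list value and has the same problem.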
@@ -1130,11 +1137,17 @@ signing_dir = <%= node["openstack"]["block-storage"]["api"]["auth"]["cache_dir"]
 # value is not one of these options or empty, auth_token will
 # raise an exception on initialization. (string value)
 #memcache_security_strategy=
+<% if node['openstack']['block-storage']['api']['auth']['memcache_security_strategy'] %>
+memcache_security_strategy = <%= node['openstack']['block-storage']['api']['auth']['memcache_security_strategy'] %>
+<% end %>
 # (optional, mandatory if memcache_security_strategy is
 # defined) this string is used for key derivation. (string
 # value)
 #memcache_secret_key=
+<% if node['openstack']['block-storage']['api']['auth']['memcache_secret_key'] %>
+memcache_secret_key = <%= node['openstack']['block-storage']['api']['auth']['memcache_secret_key'] %>
+<% end %>
 # (optional) indicate whether to set the X-Service-Catalog
 # header. If False, middleware will not ask for service
@@ -1169,3 +1182,4 @@ signing_dir = <%= node["openstack"]["block-storage"]["api"]["auth"]["cache_dir"]
 # should be set to a single value for better performance.
 # (list value)
 #hash_algorithms=md5
+hash_algorithms = <%= node['openstack']['block-storage']['api']['auth']['hash_algorithms'] %>
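Review bot: `memcache_security_strategy` and `memcache_secret_key` are rendered independently, although the sample text kept in this hunk states that the key is mandatory once a strategy is set and that an invalid or empty strategy makes auth_token raise on initialization; with this template a node that sets the strategy but not the key, or sets a value other than MAC or ENCRYPT, gets a cinder.conf that cinder-api refuses at startup, with the reason visible only in the service log. Consider checking the pair in the recipe that renders this template and failing the Chef run with a message naming both attributes, so the misconfiguration is caught at convergence time; that recipe is outside this diff, so this is a suggestion rather than something visible here. It would also help operators to note in the attribute documentation that MAC only authenticates the token data held in memcached while ENCRYPT also encrypts it, which matters when the memcached instance is shared with other services.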