diff --git a/README.md b/README.md index 95b81dd6..22751f68 100644 --- a/README.md +++ b/README.md @@ -87,9 +87,7 @@ This cookbook exposes a set of default library routines: * `db_uri` -- Returns the SQLAlchemy RFC-1738 DB URI (see: http://rfc.net/rfc1738.html) for a named OpenStack database * `db_create_with_user` -- Creates a database and database user for a named OpenStack database * `secret` -- Returns the value of an encrypted data bag for a named OpenStack secret key and key-section -* `db_password` -- Ease-of-use helper that returns the decrypted database password for a named OpenStack database -* `service_password` -- Ease-of-use helper that returns the decrypted service password for named OpenStack service -* `user_password` -- Ease-of-use helper that returns the decrypted password for a Keystone user +* `get_password` -- Ease-of-use helper that returns the decrypted password for a named database, service or keystone user. Usage ----- @@ -118,10 +116,10 @@ require "uri" puts ::URI.decode nova_api_ap.to_s ``` -Example of using the `db_password` and `db_uri` routine: +Example of using the `get_password` and `db_uri` routine: ```ruby -db_pass = db_password "cinder" +db_pass = get_password "db" "cinder" db_user = node["cinder"]["db"]["user"] sql_connection = db_uri "volume", db_user, db_pass diff --git a/attributes/default.rb b/attributes/default.rb index d94e5698..b4af75cb 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -363,7 +363,7 @@ default['openstack']['db']['orchestration']['db_name'] = 'heat' default['openstack']['db']['root_user_use_databag'] = false # If above root_user_use_databag is true, the below string -# will be passed to the user_password library routine. +# will be passed to the get_password library routine. default['openstack']['db']['root_user_key'] = 'mysqlroot' # logging.conf list keypairs module_name => log level to write diff --git a/libraries/database.rb b/libraries/database.rb index 4a596d86..d93dd555 100644 
--- a/libraries/database.rb +++ b/libraries/database.rb @@ -42,7 +42,7 @@ module ::Openstack super_user = "postgres" if root_user_use_databag user_key = node['openstack']['db']['root_user_key'] - super_password = user_password user_key + super_password = get_password "user", user_key else super_password = node['postgresql']['password']['postgres'] end @@ -55,7 +55,7 @@ module ::Openstack if root_user_use_databag user_key = node['openstack']['db']['root_user_key'] - super_password = user_password user_key + super_password = get_password "user", user_key else super_password = node['mysql']['server_root_password'] end diff --git a/libraries/passwords.rb b/libraries/passwords.rb index 9e58e16d..ad8ce78b 100644 --- a/libraries/passwords.rb +++ b/libraries/passwords.rb @@ -46,6 +46,16 @@ module ::Openstack ::Chef::EncryptedDataBagItem.load(bag_name, index, secret)[index] end + def get_password type, key + if ["db", "user", "service"].include?(type) + secret node["openstack"]["secret"]["#{type}_passwords_data_bag"], key + else + ::Chef::Log.error("Unsupported type for get_password: #{type}") + end + end + + # TODO(andymccr): Remove these once other changes have merged to use get_password + # Ease-of-use/standardization routine that returns a service password # for a named OpenStack service. Note that databases are named # after the OpenStack project nickname, like "nova" or "glance" diff --git a/spec/password_spec.rb b/spec/password_spec.rb index 62cd1b65..32498b04 100644 --- a/spec/password_spec.rb +++ b/spec/password_spec.rb 
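Review bot: In `get_password`, the `else` branch for an unsupported `type` only logs and then returns whatever `::Chef::Log.error` returns, so the caller continues with a non-password value instead of stopping. The call sites in libraries/database.rb assign the result directly to `super_password`, so a mistyped type would probably surface later as a confusing authentication failure, or as a credential set to an unintended value. The branch should fail closed, for example `raise ArgumentError, "Unsupported type for get_password: #{type}"`. The new method also has no header comment, unlike the helpers below it; one line naming the accepted types ("db", "user", "service") and the `<type>_passwords_data_bag` attribute it reads would do. Separately, the README example `get_password "db" "cinder"` lacks the comma, so Ruby would join the two literals into the single argument `"dbcinder"`.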
@@ -28,14 +28,14 @@ describe ::Openstack do end end - describe "#service_password" do + describe "#get_password_service_password" do it "returns index param when developer_mode is true" do @chef_run = ::ChefSpec::Runner.new(::CHEFSPEC_OPTS) do |n| n.set["openstack"]["developer_mode"] = true end @chef_run.converge "openstack-common::default" @subject.stub(:node).and_return @chef_run.node - result = @subject.service_password("nova") + result = @subject.get_password("service", "nova") result.should == "nova" end it "returns databag when developer_mode is false" do @@ -43,19 +43,19 @@ describe ::Openstack do ::Chef::EncryptedDataBagItem.stub(:load_secret).with("/etc/chef/openstack_data_bag_secret").and_return "secret" ::Chef::EncryptedDataBagItem.stub(:load).with("service_passwords", "nova", "secret").and_return value @subject.stub(:node).and_return @chef_run.node - result = @subject.service_password("nova") + result = @subject.get_password("service", "nova") result.should == "this" end end - describe "#db_password" do + describe "#get_password_db_password" do it "returns index param when developer_mode is true" do @chef_run = ::ChefSpec::Runner.new(::CHEFSPEC_OPTS) do |n| n.set["openstack"]["developer_mode"] = true end @chef_run.converge "openstack-common::default" @subject.stub(:node).and_return @chef_run.node - result = @subject.db_password("nova") + result = @subject.get_password("db", "nova") result.should == "nova" end it "returns databag when developer_mode is false" do 
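Review bot: The renamed labels `describe "#get_password_service_password"` and `describe "#get_password_db_password"` here, and `describe "#get_password_user_password"` in the later hunk, use the `#method` convention for names that are not methods. A single `describe "#get_password"` with one `context` per type (`context "with type service"` and so on) would say the same thing accurately. None of the examples covers the `else` branch of `get_password`, so behaviour for an unsupported type is untested. An example calling `@subject.get_password("bogus", "nova")` and asserting the intended outcome would pin it down.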
@@ -63,19 +63,19 @@ describe ::Openstack do ::Chef::EncryptedDataBagItem.stub(:load_secret).with("/etc/chef/openstack_data_bag_secret").and_return "secret" ::Chef::EncryptedDataBagItem.stub(:load).with("db_passwords", "nova", "secret").and_return value @subject.stub(:node).and_return @chef_run.node - result = @subject.db_password("nova") + result = @subject.get_password("db", "nova") result.should == "this" end end - describe "#user_password" do + describe "#get_password_user_password" do it "returns index param when developer_mode is true" do @chef_run = ::ChefSpec::Runner.new(::CHEFSPEC_OPTS) do |n| n.set["openstack"]["developer_mode"] = true end @chef_run.converge "openstack-common::default" @subject.stub(:node).and_return @chef_run.node - result = @subject.user_password("nova") + result = @subject.get_password("user", "nova") result.should == "nova" end it "returns databag when developer_mode is false" do @@ -83,7 +83,7 @@ describe ::Openstack do ::Chef::EncryptedDataBagItem.stub(:load_secret).with("/etc/chef/openstack_data_bag_secret").and_return "secret" ::Chef::EncryptedDataBagItem.stub(:load).with("user_passwords", "nova", "secret").and_return value @subject.stub(:node).and_return @chef_run.node - result = @subject.user_password("nova") + result = @subject.get_password("user", "nova") result.should == "this" end end