diff --git a/keystone/credential/controllers.py b/keystone/credential/controllers.py
index 95cc7d0230..f64495e093 100644
--- a/keystone/credential/controllers.py
+++ b/keystone/credential/controllers.py
@@ -86,7 +86,8 @@ class CredentialV3(controller.V3Controller):
                                      trust_id=trust_id,
                                      app_cred_id=app_cred_id,
                                      access_token_id=access_token_id)
-        ref = PROVIDERS.credential_api.create_credential(ref['id'], ref)
+        ref = PROVIDERS.credential_api.create_credential(
+            ref['id'], ref, initiator=request.audit_initiator)
         return CredentialV3.wrap_member(request.context_dict, ref)
 
     @staticmethod
@@ -147,4 +148,5 @@ class CredentialV3(controller.V3Controller):
 
     @controller.protected()
     def delete_credential(self, request, credential_id):
-        return PROVIDERS.credential_api.delete_credential(credential_id)
+        return (PROVIDERS.credential_api.delete_credential(credential_id,
+                initiator=request.audit_initiator))
diff --git a/keystone/credential/core.py b/keystone/credential/core.py
index cb28b314e0..d6c48ff163 100644
--- a/keystone/credential/core.py
+++ b/keystone/credential/core.py
@@ -21,6 +21,7 @@ from keystone.common import manager
 from keystone.common import provider_api
 import keystone.conf
 from keystone import exception
+from keystone import notifications
 
 
 CONF = keystone.conf.CONF
@@ -38,6 +39,8 @@ class Manager(manager.Manager):
     driver_namespace = 'keystone.credential'
     _provides_api = 'credential_api'
 
+    _CRED = 'credential'
+
     def __init__(self):
         super(Manager, self).__init__(CONF.credential.driver)
 
@@ -102,13 +105,18 @@ class Manager(manager.Manager):
         credential = self.driver.get_credential(credential_id)
         return self._decrypt_credential(credential)
 
-    def create_credential(self, credential_id, credential):
+    def create_credential(self, credential_id, credential,
+                          initiator=None):
         """Create a credential."""
         credential_copy = self._encrypt_credential(credential)
         ref = self.driver.create_credential(credential_id, credential_copy)
         ref.pop('key_hash', None)
         ref.pop('encrypted_blob', None)
         ref['blob'] = credential['blob']
+        notifications.Audit.created(
+            self._CRED,
+            credential_id,
+            initiator)
         return ref
 
     def _validate_credential_update(self, credential_id, credential):
@@ -143,3 +151,10 @@ class Manager(manager.Manager):
         else:
             ref['blob'] = existing_blob
         return ref
+
+    def delete_credential(self, credential_id,
+                          initiator=None):
+        """Delete a credential."""
+        self.driver.delete_credential(credential_id)
+        notifications.Audit.deleted(
+            self._CRED, credential_id, initiator)
diff --git a/releasenotes/notes/bug-1831918-c70cf87ef086d871.yaml b/releasenotes/notes/bug-1831918-c70cf87ef086d871.yaml
new file mode 100644
index 0000000000..33a355cc5d
--- /dev/null
+++ b/releasenotes/notes/bug-1831918-c70cf87ef086d871.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    [`bug 1831918 <https://bugs.launchpad.net/keystone/+bug/1831918>`_]
+    Credentials now logs cadf audit messages.
+