diff --git a/etc/openstack_deploy/user_secrets.yml b/etc/openstack_deploy/user_secrets.yml
index b4c156afa8..c9ff8115ad 100644
--- a/etc/openstack_deploy/user_secrets.yml
+++ b/etc/openstack_deploy/user_secrets.yml
@@ -235,6 +235,7 @@ barbican_oslomsg_rpc_password:
 # your user variables.
 #barbican_oslomsg_notify_password:
 barbican_service_password:
+barbican_simple_crypto_key:
 
 ## Blazar Options
 blazar_oslomsg_rpc_password:
diff --git a/inventory/group_vars/barbican_all.yml b/inventory/group_vars/barbican_all.yml
index c19fb9319d..e0169480b7 100644
--- a/inventory/group_vars/barbican_all.yml
+++ b/inventory/group_vars/barbican_all.yml
@@ -16,3 +16,4 @@
 barbican_service_region: "{{ service_region }}"
 barbican_service_in_ldap: "{{ service_ldap_backend_enabled }}"
 barbican_keystone_auth: yes
+barbican_ceilometer_enabled: "{{ (groups['ceilometer_all'] is defined) and (groups['ceilometer_all'] | length > 0) }}"
diff --git a/releasenotes/notes/token-gen-key-0395ca56015506d1.yaml b/releasenotes/notes/token-gen-key-0395ca56015506d1.yaml
new file mode 100644
index 0000000000..da244c62ec
--- /dev/null
+++ b/releasenotes/notes/token-gen-key-0395ca56015506d1.yaml
@@ -0,0 +1,5 @@
+---
+other:
+  - |
+    pw-token-gen.py script will generate always 32 char string instead of
+    random choice between 24 or 32 length.
diff --git a/scripts/pw-token-gen.py b/scripts/pw-token-gen.py
index 6638d027ea..6b30095f68 100755
--- a/scripts/pw-token-gen.py
+++ b/scripts/pw-token-gen.py
@@ -42,7 +42,7 @@ class CredentialGenerator(object):
     password: 16 - 64 character string
     secret:  16 - 64 character string
     token: 64 - 72 character string
-    key: 24, or 32 character string (Needs to be AES compatible)
+    key: 32 character string (Needs to be AES compatible)
 
     Usage:
     >>> generator = CredentialGenerator()
@@ -96,14 +96,14 @@ class CredentialGenerator(object):
         return encoded_bytes[:random.randrange(64, 72)]
 
     def _key_gen(self, encoded_bytes):
-        """Returns ``str`` with a length of 24 or 32.
+        """Returns ``str`` with a length of 32.
 
         Length restriction are required for key type secrets because of
         requirements in AES.
 
         :param encoded_bytes: ``str`` must be at least 32 charters long
         """
-        return encoded_bytes[:random.choice([24, 32])]
+        return encoded_bytes[:32]
 
 
 def args():