diff --git a/barbican/templates/deployment-api.yaml b/barbican/templates/deployment-api.yaml
index 79474d6898..21c36a7dfc 100644
--- a/barbican/templates/deployment-api.yaml
+++ b/barbican/templates/deployment-api.yaml
@@ -45,6 +45,7 @@ spec:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
         configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ dict "envAll" $envAll "podName" "barbican-api" "containerNames" (list "barbican-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
     spec:
 {{ dict "envAll" $envAll "application" "barbican" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
       serviceAccountName: {{ $serviceAccountName }}
diff --git a/tools/deployment/apparmor/barbican.sh b/tools/deployment/apparmor/barbican.sh
new file mode 100755
index 0000000000..bac93281e0
--- /dev/null
+++ b/tools/deployment/apparmor/barbican.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+# Copyright 2017 The Openstack-Helm Authors.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+set -xe
+
+#NOTE: Lint and package chart
+make barbican
+
+#NOTE: Deploy barbican
+tee /tmp/barbican.yaml << EOF
+pod:
+  mandatory_access_control:
+    type: apparmor
+    barbican-api:
+      barbican-api: localhost/docker-default
+EOF
+
+#NOTE: Deploy command
+  helm upgrade --install barbican ./barbican \
+      --namespace=openstack \
+      --values=/tmp/barbican.yaml
+      ${OSH_EXTRA_HELM_ARGS} \
+      ${OSH_EXTRA_HELM_ARGS_BARBICAN}
+
+#NOTE: Wait for deploy
+./tools/deployment/common/wait-for-pods.sh openstack
+
+#NOTE: Validate Deployment info
+helm status  barbican
+
+helm test barbican
\ No newline at end of file
diff --git a/zuul.d/jobs-openstack-helm.yaml b/zuul.d/jobs-openstack-helm.yaml
index 388d14e3b9..3df8fa1c41 100644
--- a/zuul.d/jobs-openstack-helm.yaml
+++ b/zuul.d/jobs-openstack-helm.yaml
@@ -247,6 +247,7 @@
         - ./tools/deployment/component/compute-kit/openvswitch.sh
         - ./tools/deployment/component/compute-kit/libvirt.sh
         - ./tools/deployment/apparmor/compute-kit.sh
+        - ./tools/deployment/apparmor/barbican.sh
         - ./tools/deployment/developer/common/170-setup-gateway.sh
         - ./tools/deployment/developer/common/900-use-it.sh