diff --git a/keystone/values.yaml b/keystone/values.yaml
index 0316b0e7e6..6ebd8ad9be 100644
--- a/keystone/values.yaml
+++ b/keystone/values.yaml
@@ -314,8 +314,11 @@ jobs:
 user: keystone
 group: keystone
 fernet_rotate:
- # weekly
- cron: "0 0 * * 0"
+ # NOTE(rk760n): key rotation frequency, token expiration, active keys should statisfy the formula
+ # max_active_keys = (token_expiration / rotation_frequency) + 2
+ # as expiration is 12h, and max_active_keys set to 3 by default, rotation_frequency need to be adjusted
+ # 12 hours
+ cron: "0 */12 * * *"
 user: keystone
 group: keystone
 history:
@@ -341,6 +344,8 @@ conf:
 max_token_size: 255
 token:
 provider: fernet
+ # 12 hours
+ expiration: 43200
 identity:
 domain_specific_drivers_enabled: True
 domain_config_dir: /etc/keystonedomains
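Review bot: The invariant in the new comment above `cron` depends on three settings, but this commit sets only two of them; `max_active_keys` is left at "3 by default" and appears nowhere in the diff. If an operator later overrides `jobs.fernet_rotate.cron` or the `expiration` added in the second hunk without adjusting the others, Keystone can purge a key that unexpired tokens were encrypted with, and those tokens will fail validation early. I would pin the third value explicitly, `max_active_keys: 3` in the chart's `fernet_tokens` section (outside this hunk, so confirm where it belongs), and repeat the cross-reference next to `expiration`, e.g. `# 12 hours; keep in sync with jobs.fernet_rotate.cron and fernet_tokens.max_active_keys`. While touching the comment, `statisfy` should read `satisfy`; the `jobs` mapping starts before the hunk and may continue past it.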
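Review bot: `expiration: 43200` keeps a bearer token usable for 12 hours, and the `# 12 hours` comment only restates the number without giving a reason for that lifetime. If the chart previously relied on Keystone's built-in `[token] expiration` (3600 seconds upstream, to my knowledge), this lengthens the window in which a leaked token can be replayed twelvefold rather than merely making an existing value explicit. I would either record the rationale in the comment, e.g. `# 12 hours; longer than the Keystone default, chosen for <reason>`, or pick a shorter lifetime and derive the rotation schedule from it with the same formula. The enclosing `conf` mapping starts outside the hunk.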