diff --git a/doc/common/section_cli_openrc.xml b/doc/common/section_cli_openrc.xml
index 8da2c00308..99e98f4bfb 100644
--- a/doc/common/section_cli_openrc.xml
+++ b/doc/common/section_cli_openrc.xml
@@ -129,4 +129,5 @@ export OS_REGION_NAME=regionName
$ keystone --os-password PASSWORD service-list
Where PASSWORD is your password.
+
diff --git a/doc/common/section_keystone-keyring-support.xml b/doc/common/section_keystone-keyring-support.xml
new file mode 100644
index 0000000000..134e9ae765
--- /dev/null
+++ b/doc/common/section_keystone-keyring-support.xml
@@ -0,0 +1,28 @@
+
+
+ Keyring support
+ Keyring is a password management system available in OpenStack.
+ You can install it using the following command:
+ $ pip install keyring
+
+ Keyring is used only if --os-use-keyring
+ is specified or if the environment variable
+ OS_USE_KEYRING=true is defined.
+
+ A user specifies their username and password credentials to interact
+ with OpenStack, using any client command. These credentials can be specified
+ using various mechanisms, namely, the environment variable, or command line argument.
+ It is not safe to specify the password using either of these methods.
+ For example, when you specify your password using the command-line client
+ with the --os-password argument, anyone with access
+ to your computer can view it in plain text with the ps
+ field.
+ To avoid storing the password in plain text, you can prompt for the
+ OpenStack password interactively. Then, the keyring can store the password
+ and the user can safely retrieve it from their keyring. The encrypted password
+ is stored in the ~/.openstack-keyring.cfg file.
+