diff --git a/manifests/plugins/p11_crypto.pp b/manifests/plugins/p11_crypto.pp
index 47bdd1cf..e72ed72d 100644
--- a/manifests/plugins/p11_crypto.pp
+++ b/manifests/plugins/p11_crypto.pp
@@ -19,8 +19,17 @@
 # [*p11_crypto_plugin_hmac_label*]
 # (required) Label to identify master KEK in the HSM
 #
+# [*p11_crypto_plugin_token_serial_number*]
+# (optional) Serial number to identify PKCS#11 token
+# Defaults to $::os_service_default
+#
+# [*p11_crypto_plugin_token_label*]
+# (optional) Label to identify PKCS#11 token
+# Defaults to $::os_service_default
+#
 # [*p11_crypto_plugin_slot_id*]
-# (required) HSM Slot id
+# (optional) HSM Slot id
+# Defaults to $::os_service_default
 #
 # [*p11_crypto_plugin_encryption_mechanism*]
 # (optional) PKCS#11 Mechanism used for encryption
@@ -52,7 +61,9 @@ class barbican::plugins::p11_crypto (
 $p11_crypto_plugin_mkek_label = undef,
 $p11_crypto_plugin_mkek_length = undef,
 $p11_crypto_plugin_hmac_label = undef,
- $p11_crypto_plugin_slot_id = undef,
+ $p11_crypto_plugin_token_serial_number = $::os_service_default,
+ $p11_crypto_plugin_token_label = $::os_service_default,
+ $p11_crypto_plugin_slot_id = $::os_service_default,
 $p11_crypto_plugin_encryption_mechanism = $::os_service_default,
 $p11_crypto_plugin_hmac_key_type = $::os_service_default,
 $p11_crypto_plugin_hmac_keygen_mechanism = $::os_service_default,
@@ -77,9 +88,6 @@ class barbican::plugins::p11_crypto (
 if $p11_crypto_plugin_hmac_label == undef {
 fail('p11_crypto_plugin_hmac_label must be defined')
 }
- if $p11_crypto_plugin_slot_id == undef {
- fail('p11_crypto_plugin_slot_id must be defined')
- }
 barbican_config {
 'p11_crypto_plugin/library_path': value => $p11_crypto_plugin_library_path;
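Review bot: The three selector entries in this doc block (`p11_crypto_plugin_token_serial_number`, `p11_crypto_plugin_token_label`, `p11_crypto_plugin_slot_id`) do not say how they interact, so an operator cannot tell which one picks the token when more than one is set. As I understand Barbican's PKCS#11 backend, the serial number is tried first, then the label, then the slot id; that order should be confirmed against the targeted Barbican release. If it holds, add `#   Takes precedence over the token label and the slot id.` under the serial-number entry and `#   Only used when neither token serial number nor token label is set.` under the slot-id entry. The point matters because the key labels documented just above are presumably resolved on whichever token ends up selected.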
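Review bot: With `p11_crypto_plugin_slot_id` no longer required and both new selectors also defaulting to `$::os_service_default` in the parameter list, a catalog that sets none of the three now compiles silently. Token selection is then left to Barbican's own default, which is a fixed slot id as far as I know. On an HSM that exposes several slots or partitions, that could bind the service to a token other than the one holding the intended master KEK. Consider a non-fatal check in the class body, for example `if is_service_default($p11_crypto_plugin_token_serial_number) and is_service_default($p11_crypto_plugin_token_label) and is_service_default($p11_crypto_plugin_slot_id) { warning('no PKCS#11 token selector set; Barbican will fall back to its default slot') }`. The parameter list and the class body both continue outside this hunk, and the check would sit where the following hunk removes the old `fail()`.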
@@ -87,6 +95,8 @@ class barbican::plugins::p11_crypto (
 'p11_crypto_plugin/mkek_label': value => $p11_crypto_plugin_mkek_label;
 'p11_crypto_plugin/mkek_length': value => $p11_crypto_plugin_mkek_length;
 'p11_crypto_plugin/hmac_label': value => $p11_crypto_plugin_hmac_label;
+ 'p11_crypto_plugin/token_serial_number': value => $p11_crypto_plugin_token_serial_number;
+ 'p11_crypto_plugin/token_label': value => $p11_crypto_plugin_token_label;
 'p11_crypto_plugin/slot_id': value => $p11_crypto_plugin_slot_id;
 'p11_crypto_plugin/encryption_mechanism': value => $p11_crypto_plugin_encryption_mechanism;
 'p11_crypto_plugin/hmac_key_type': value => $p11_crypto_plugin_hmac_key_type;
diff --git a/releasenotes/notes/add-support-for-token-label-and-serial-5b6ec6acc7f9d791.yaml b/releasenotes/notes/add-support-for-token-label-and-serial-5b6ec6acc7f9d791.yaml
new file mode 100644
index 00000000..3561b516
--- /dev/null
+++ b/releasenotes/notes/add-support-for-token-label-and-serial-5b6ec6acc7f9d791.yaml
@@ -0,0 +1,10 @@
+---
+features:
+ - |
+ Added support for two new options for Barbican's PKCS#11 backend. The
+ new options are ``[p11_crypto]token_serial_number`` and
+ ``[p11_crypto]token_label``.
+
+ - |
+ The ``barbican::plugins::p11_crypto::p11_crypto_plugin_slot_id`` parameter
+ has become an optional parameter instead of a required one.
diff --git a/spec/classes/barbican_plugins_p11_crypto_spec.rb b/spec/classes/barbican_plugins_p11_crypto_spec.rb
index 9c21b8f6..69a825e3 100644
--- a/spec/classes/barbican_plugins_p11_crypto_spec.rb
+++ b/spec/classes/barbican_plugins_p11_crypto_spec.rb
@@ -29,6 +29,8 @@ describe 'barbican::plugins::p11_crypto' do
 :p11_crypto_plugin_mkek_label => 'mkek_label',
 :p11_crypto_plugin_mkek_length => 32,
 :p11_crypto_plugin_hmac_label => 'hmac_label',
+ :p11_crypto_plugin_token_serial_number => 'token_serial',
+ :p11_crypto_plugin_token_label => 'token_label',
 :p11_crypto_plugin_slot_id => 1,
 :p11_crypto_plugin_library_path => '/usr/lib/libCryptoki2_64.so',
 :p11_crypto_plugin_encryption_mechanism => 'CKM_AES_CBC',
@@ -48,6 +50,10 @@ describe 'barbican::plugins::p11_crypto' do
 .with_value(params[:p11_crypto_plugin_mkek_length])
 is_expected.to contain_barbican_config('p11_crypto_plugin/hmac_label') \
 .with_value(params[:p11_crypto_plugin_hmac_label])
+ is_expected.to contain_barbican_config('p11_crypto_plugin/token_serial_number') \
+ .with_value(params[:p11_crypto_plugin_token_serial_number])
+ is_expected.to contain_barbican_config('p11_crypto_plugin/token_label') \
+ .with_value(params[:p11_crypto_plugin_token_label])
 is_expected.to contain_barbican_config('p11_crypto_plugin/slot_id') \
 .with_value(params[:p11_crypto_plugin_slot_id])
 is_expected.to contain_barbican_config('p11_crypto_plugin/library_path') \
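Review bot: Neither spec hunk exercises the behaviour this commit changes, because the params hash in the first hunk still sets `:p11_crypto_plugin_slot_id => 1` alongside both new selectors. The second hunk only asserts those explicit values, so the now-optional slot id and the new defaults are untested in what is visible here. Unless such a case already exists outside these hunks, add a context that omits `p11_crypto_plugin_slot_id`, `p11_crypto_plugin_token_serial_number` and `p11_crypto_plugin_token_label` and asserts `.with_value('<SERVICE DEFAULT>')` for `p11_crypto_plugin/slot_id`, `p11_crypto_plugin/token_serial_number` and `p11_crypto_plugin/token_label`. The enclosing `describe` and example blocks start and end outside both hunks.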