diff --git a/manifests/policy/base.pp b/manifests/policy/base.pp
index 47ecffed..b2fefd45 100644
--- a/manifests/policy/base.pp
+++ b/manifests/policy/base.pp
@@ -83,9 +83,15 @@ define openstacklib::policy::base (
         ~> Augeas<| title == "${file_path}-${key}-${value}" |>
     }
     'yaml': {
+      # NOTE(tkajianm): Currently we use single quotes('') to quote the whole
+      #                 value, thus a single quote in value should be escaped
+      #                 by another single quote (which results in '')
+      # NOTE(tkajinam): Replace '' by ' first in case ' is already escaped
+      $value_real = regsubst(regsubst($value, '\'\'', '\'', 'G'), '\'', '\'\'', 'G')
+
       file_line { "${file_path}-${key}" :
         path  => $file_path,
-        line  => "'${key}': '${value}'",
+        line  => "'${key}': '${value_real}'",
         match => "^['\"]?${key}['\"]?\\s*:.+"
       }
       Openstacklib::Policy::Default<| title == $file_path |>
diff --git a/spec/defines/openstacklib_policy_base_spec.rb b/spec/defines/openstacklib_policy_base_spec.rb
index 314830b7..75e34c29 100644
--- a/spec/defines/openstacklib_policy_base_spec.rb
+++ b/spec/defines/openstacklib_policy_base_spec.rb
@@ -74,6 +74,34 @@ describe 'openstacklib::policy::base' do
         :line  => '\'context_is_admin or owner\': \'foo:bar\'',
         :match => '^[\'"]?context_is_admin or owner[\'"]?\s*:.+'
       ) }
+
+      context 'with single-quotes in value' do
+        before do
+          params.merge!({
+            :value => 'foo:\'bar\''
+          })
+        end
+
+        it { should contain_file_line('/etc/nova/policy.yaml-context_is_admin or owner').with(
+          :path  => '/etc/nova/policy.yaml',
+          :line  => '\'context_is_admin or owner\': \'foo:\'\'bar\'\'\'',
+          :match => '^[\'"]?context_is_admin or owner[\'"]?\s*:.+'
+        ) }
+      end
+
+      context 'with pre-formatted single-quotes in value' do
+        before do
+          params.merge!({
+            :value => 'foo:\'\'bar\'\''
+          })
+        end
+
+        it { should contain_file_line('/etc/nova/policy.yaml-context_is_admin or owner').with(
+          :path  => '/etc/nova/policy.yaml',
+          :line  => '\'context_is_admin or owner\': \'foo:\'\'bar\'\'\'',
+          :match => '^[\'"]?context_is_admin or owner[\'"]?\s*:.+'
+        ) }
+      end
     end
 
     context 'with purge_config enabled' do