diff --git a/manifests/key_manager.pp b/manifests/key_manager.pp
new file mode 100644
index 0000000..0f53cc2
--- /dev/null
+++ b/manifests/key_manager.pp
@@ -0,0 +1,25 @@
+# == Define: oslo::key_manager
+#
+# Configure key_manager options implemented in the castellan library
+#
+# === Parameters
+#
+# [*config*]
+#   (Optional) The resource type used to apply configuration parameters.
+#   Defaults to $name
+#
+# [*backend*]
+#   (Optional) Specify the key manager implementation.
+#   Defaults to $::os_service_default
+#
+define oslo::key_manager(
+  $config  = $name,
+  $backend = $::os_service_default,
+) {
+
+  $key_manager_options = {
+    'key_manager/backend' => { value => $backend },
+  }
+
+  create_resources($config, $key_manager_options)
+}
diff --git a/manifests/key_manager/barbican.pp b/manifests/key_manager/barbican.pp
new file mode 100644
index 0000000..1c434fe
--- /dev/null
+++ b/manifests/key_manager/barbican.pp
@@ -0,0 +1,62 @@
+# == Define: oslo::key_manager::barbican
+#
+# Setup and configure Barbican Key Manager options
+#
+# === Parameters
+#
+# [*config*]
+#   (Optional) The resource type used to apply configuration parameters.
+#   Defaults to $name
+#
+# [*barbican_endpoint*]
+#   (Optional) Use this endpoint to connect to Barbican.
+#   Defaults to $::os_service_default
+#
+# [*barbican_api_version*]
+#   (Optional) Version of the Barbican API.
+#   Defaults to $::os_service_default
+#
+# [*auth_endpoint*]
+#   (Optional) Use this endpoint to connect to Keystone.
+#   Defaults to $::os_service_default
+#
+# [*retry_delay*]
+#   (Optional) Number of seconds to wait before retrying poll for key creation
+#   completion.
+#   Defaults to $::os_service_default
+#
+# [*number_of_retries*]
+#   (Optional) Number of times to retry poll fo key creation completion.
+#   Defaults to $::os_service_default
+#
+# [*barbican_endpoint_type*]
+#   (Optional) Specifies the type of endpoint.
+#   Defaults to $::os_service_default
+#
+# [*barbican_region_name*]
+#   (Optional) Specifies the region of the chosen endpoint.
+#   Defaults to $::os_service_default
+#
+define oslo::key_manager::barbican (
+  $config                 = $name,
+  $barbican_endpoint      = $::os_service_default,
+  $barbican_api_version   = $::os_service_default,
+  $auth_endpoint          = $::os_service_default,
+  $retry_delay            = $::os_service_default,
+  $number_of_retries      = $::os_service_default,
+  $barbican_endpoint_type = $::os_service_default,
+  $barbican_region_name   = $::os_service_default,
+) {
+
+  $barbican_options = {
+    'barbican/barbican_endpoint'      => { value => $barbican_endpoint },
+    'barbican/barbican_api_version'   => { value => $barbican_api_version },
+    'barbican/auth_endpoint'          => { value => $auth_endpoint },
+    'barbican/retry_delay'            => { value => $retry_delay },
+    'barbican/number_of_retries'      => { value => $number_of_retries },
+    'barbican/barbican_endpoint_type' => { value => $barbican_endpoint_type },
+    'barbican/barbican_region_name'   => { value => $barbican_region_name },
+  }
+
+  create_resources($config, $barbican_options)
+}
diff --git a/spec/defines/oslo_key_manager_barbican_spec.rb b/spec/defines/oslo_key_manager_barbican_spec.rb
new file mode 100644
index 0000000..c650305
--- /dev/null
+++ b/spec/defines/oslo_key_manager_barbican_spec.rb
@@ -0,0 +1,61 @@
+require 'spec_helper'
+
+describe 'oslo::key_manager::barbican' do
+
+  let (:title) { 'keystone_config' }
+
+  shared_examples 'oslo::key_manager::barbican' do
+
+    context 'with default parameters' do
+      let :params do
+        {}
+      end
+
+      it 'configure key_manager default params' do
+        is_expected.to contain_keystone_config('barbican/barbican_endpoint').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_keystone_config('barbican/barbican_api_version').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_keystone_config('barbican/auth_endpoint').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_keystone_config('barbican/retry_delay').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_keystone_config('barbican/number_of_retries').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_keystone_config('barbican/barbican_endpoint_type').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_keystone_config('barbican/barbican_region_name').with_value('<SERVICE DEFAULT>')
+      end
+    end
+
+    context 'with parameters overridden' do
+      let :params do
+        {
+          :barbican_endpoint      => 'http://localhost:9311/',
+          :barbican_api_version   => 'v1',
+          :auth_endpoint          => 'http://localhost:5000',
+          :retry_delay            => 1,
+          :number_of_retries      => 60,
+          :barbican_endpoint_type => 'public',
+          :barbican_region_name   => 'regionOne',
+        }
+      end
+
+      it 'configure key_manager params' do
+        is_expected.to contain_keystone_config('barbican/barbican_endpoint').with_value('http://localhost:9311/')
+        is_expected.to contain_keystone_config('barbican/barbican_api_version').with_value('v1')
+        is_expected.to contain_keystone_config('barbican/auth_endpoint').with_value('http://localhost:5000')
+        is_expected.to contain_keystone_config('barbican/retry_delay').with_value(1)
+        is_expected.to contain_keystone_config('barbican/number_of_retries').with_value(60)
+        is_expected.to contain_keystone_config('barbican/barbican_endpoint_type').with_value('public')
+        is_expected.to contain_keystone_config('barbican/barbican_region_name').with_value('regionOne')
+      end
+    end
+  end
+
+  on_supported_os({
+    :supported_os => OSDefaults.get_supported_os
+  }).each do |os,facts|
+    context "on #{os}" do
+      let (:facts) do
+        facts.merge!(OSDefaults.get_facts())
+      end
+
+      include_examples 'oslo::key_manager::barbican'
+    end
+  end
+end
diff --git a/spec/defines/oslo_key_manager_spec.rb b/spec/defines/oslo_key_manager_spec.rb
new file mode 100644
index 0000000..849ef76
--- /dev/null
+++ b/spec/defines/oslo_key_manager_spec.rb
@@ -0,0 +1,43 @@
+require 'spec_helper'
+
+describe 'oslo::key_manager' do
+
+  let (:title) { 'keystone_config' }
+
+  shared_examples 'oslo::key_manager' do
+
+    context 'with default parameters' do
+      let :params do
+        {}
+      end
+
+      it 'configure key_manager default params' do
+        is_expected.to contain_keystone_config('key_manager/backend').with_value('<SERVICE DEFAULT>')
+      end
+    end
+
+    context 'with parameters overridden' do
+      let :params do
+        {
+          :backend => 'barbican'
+        }
+      end
+
+      it 'configure key_manager params' do
+        is_expected.to contain_keystone_config('key_manager/backend').with_value('barbican')
+      end
+    end
+  end
+
+  on_supported_os({
+    :supported_os => OSDefaults.get_supported_os
+  }).each do |os,facts|
+    context "on #{os}" do
+      let (:facts) do
+        facts.merge!(OSDefaults.get_facts())
+      end
+
+      include_examples 'oslo::key_manager'
+    end
+  end
+end