diff --git a/manifests/keystone/auth.pp b/manifests/keystone/auth.pp
index b6ea0364..8ee4b348 100644
--- a/manifests/keystone/auth.pp
+++ b/manifests/keystone/auth.pp
@@ -29,7 +29,9 @@ class swift::keystone::auth(
   $public_protocol   = 'http',
   $public_address    = undef,
   $public_port       = undef,
+  $admin_protocol    = 'http',
   $admin_address     = undef,
+  $internal_protocol = 'http',
   $internal_address  = undef
 ) {
 
@@ -78,8 +80,8 @@ if $address != '127.0.0.1' {
   keystone_endpoint { "${region}/${auth_name}":
     ensure       => present,
     public_url   => "${public_protocol}://${real_public_address}:${real_public_port}/v1/AUTH_%(tenant_id)s",
-    admin_url    => "http://${real_admin_address}:${port}/",
-    internal_url => "http://${real_internal_address}:${port}/v1/AUTH_%(tenant_id)s",
+    admin_url    => "${admin_protocol}://${real_admin_address}:${port}/",
+    internal_url => "${internal_protocol}://${real_internal_address}:${port}/v1/AUTH_%(tenant_id)s",
   }
 
   keystone_service { "${auth_name}_s3":
@@ -90,8 +92,8 @@ if $address != '127.0.0.1' {
   keystone_endpoint { "${region}/${auth_name}_s3":
     ensure       => present,
     public_url   => "${public_protocol}://${real_public_address}:${real_public_port}",
-    admin_url    => "http://${real_admin_address}:${port}",
-    internal_url => "http://${real_internal_address}:${port}",
+    admin_url    => "${admin_protocol}://${real_admin_address}:${port}",
+    internal_url => "${internal_protocol}://${real_internal_address}:${port}",
   }
   if $operator_roles {
     #Roles like "admin" may be defined elsewhere, so use ensure_resource
diff --git a/spec/classes/swift_keystone_auth_spec.rb b/spec/classes/swift_keystone_auth_spec.rb
index 7f72b563..f2a38423 100644
--- a/spec/classes/swift_keystone_auth_spec.rb
+++ b/spec/classes/swift_keystone_auth_spec.rb
@@ -46,6 +46,32 @@ describe 'swift::keystone::auth' do
     end
   end
 
+  describe 'overriding public_port public_protocol, admin_protocol and internal_protocol' do
+
+    let :params do
+      {
+        :port              => '443',
+        :public_protocol   => 'https',
+        :admin_protocol    => 'https',
+        :internal_protocol => 'https',
+      }
+    end
+
+    it { should contain_keystone_endpoint('RegionOne/swift').with(
+      :ensure       => 'present',
+      :public_url   => "https://127.0.0.1:443/v1/AUTH_%(tenant_id)s",
+      :admin_url    => "https://127.0.0.1:443/",
+      :internal_url => "https://127.0.0.1:443/v1/AUTH_%(tenant_id)s"
+    ) }
+
+    it { should contain_keystone_endpoint('RegionOne/swift_s3').with(
+      :ensure       => 'present',
+      :public_url   => 'https://127.0.0.1:443',
+      :admin_url    => 'https://127.0.0.1:443',
+      :internal_url => 'https://127.0.0.1:443'
+    ) }
+  end
+
   describe 'when overriding public_port, public address, admin_address and internal_address' do
 
     let :params do