diff --git a/manifests/init.pp b/manifests/init.pp
index 3098eb33..23bcd726 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -2,7 +2,24 @@
 #
 # == Parameters
 #
-# [*swift_hash_suffix*] string of text to be used
+# [*swift_hash_path_suffix*]
+#   (Required) String. A suffix used by hash_path to offer a bit more security
+#   when generating hashes for paths. It simply appends this value to all
+#   paths; if someone knows this suffix, it's easier for them to guess the hash
+#   a path will end up with. New installations are advised to set this
+#   parameter to a random secret, which would not be disclosed ouside the
+#   organization. The same secret needs to be used by all swift servers of the
+#   same cluster. Existing installations should set this parameter to an empty
+#   string.
+#
+# [*swift_hash_path_prefix*]
+#   (Required)String. A prefix used by hash_path to offer a bit more security
+#   when generating hashes for paths. It simply appends this value to all paths;
+#   if someone knows this suffix, it's easier for them to guess the hash a path
+#   will end up with. New installations are advised to set this parameter to a
+#   random secret, which would not be disclosed ouside the organization. The
+#   same secret needs to be used by all swift servers of the same cluster.
+#   Existing installations should set this parameter to an empty string.
 #   as a salt when hashing to determine mappings in the ring.
 #   This file should be the same on every node in the cluster.
 #
@@ -15,6 +32,13 @@
 # [*max_header_size*] Max HTTP header size for incoming requests for all swift
 #   services. Recommended size is 32768 for PKI keystone tokens.
 #   (Optional) Defaults to 8192
+
+## DEPRECATED PARAMETERS
+#
+# [*swift_hash_suffix*]
+#   DEPRECATED. string of text to be used
+#   as a salt when hashing to determine mappings in the ring.
+#   This file should be the same on every node in the cluster.
 #
 # == Dependencies
 #
@@ -29,14 +53,26 @@
 # Copyright 2011 Puppetlabs Inc, unless otherwise noted.
 #
 class swift(
-  $swift_hash_suffix,
-  $package_ensure        = 'present',
-  $client_package_ensure = 'present',
-  $max_header_size       = '8192',
+  $swift_hash_path_suffix = undef,
+  $swift_hash_path_prefix = undef,
+  $package_ensure         = 'present',
+  $client_package_ensure  = 'present',
+  $max_header_size        = '8192',
+  # DEPRECATED PARAMETERS
+  $swift_hash_suffix      = undef,
 ) {
 
   include ::swift::params
 
+  if ($swift_hash_suffix == undef and $swift_hash_path_suffix == undef) {
+    fail('You must specify swift_hash_path_suffix')
+  } elsif ($swift_hash_suffix != undef and $swift_hash_path_suffix == undef) {
+    warning('swift_hash_suffix has been deprecated and should be replaced with swift_hash_path_suffix, this will be removed as part of the N-cycle')
+    $swift_hash_path_suffix_real = $swift_hash_suffix
+  } else {
+    $swift_hash_path_suffix_real = $swift_hash_path_suffix
+  }
+
   if !defined(Package['swift']) {
     package { 'swift':
       ensure => $package_ensure,
@@ -72,10 +108,9 @@ class swift(
 
   File['/etc/swift/swift.conf'] -> Swift_config<||>
 
-  swift_config { 'swift-hash/swift_hash_path_suffix':
-    value => $swift_hash_suffix,
-  }
-  swift_config { 'swift-constraints/max_header_size':
-    value => $max_header_size,
+  swift_config {
+    'swift-hash/swift_hash_path_suffix': value => $swift_hash_path_suffix_real;
+    'swift-hash/swift_hash_path_prefix': value => $swift_hash_path_prefix;
+    'swift-constraints/max_header_size': value => $max_header_size;
   }
 }
diff --git a/spec/classes/swift_spec.rb b/spec/classes/swift_spec.rb
index 3a7f5ded..e4385767 100644
--- a/spec/classes/swift_spec.rb
+++ b/spec/classes/swift_spec.rb
@@ -25,7 +25,6 @@ describe 'swift' do
     end
   end
 
-
   describe 'when using the default value for package_ensure' do
     let :file_defaults do
       {
@@ -67,6 +66,19 @@ describe 'swift' do
     end
   end
 
+  describe 'when providing swift_hash_path_prefix and swift_hash_path_suffix' do
+    let (:params) do
+        { :swift_hash_path_suffix => 'mysuffix',
+          :swift_hash_path_prefix => 'myprefix' }
+    end
+    it 'should configure swift.conf' do
+      is_expected.to contain_swift_config(
+        'swift-hash/swift_hash_path_suffix').with_value('mysuffix')
+      is_expected.to contain_swift_config(
+        'swift-hash/swift_hash_path_prefix').with_value('myprefix')
+    end
+  end
+
   describe 'when overriding client_package_ensure parameter' do
     it 'should effect ensure state of swift package' do
       params[:client_package_ensure] = '2.0.2-1'