diff --git a/manifests/image.pp b/manifests/image.pp
index 7b00d7db..0634a814 100644
--- a/manifests/image.pp
+++ b/manifests/image.pp
@@ -123,6 +123,17 @@ class cloud::image(
     rbd_store_pool => $rbd_store_pool
   }
 
+  Ceph::Key <<| title == $glance_user |>>
+  if defined(Ceph::Key[$glance_user]) {
+    file { '/etc/ceph/ceph.client.glance.keyring':
+      owner   => 'glance',
+      group   => 'glance',
+      mode    => '0400',
+      require => Ceph::Key[$glance_user]
+    }
+  }
+  Concat::Fragment <<| title == 'ceph-client-os' |>>
+
   class { 'glance::cache::cleaner': }
   class { 'glance::cache::pruner': }
 
diff --git a/manifests/storage/rbd/pools.pp b/manifests/storage/rbd/pools.pp
index 5ae419e5..3767bc77 100644
--- a/manifests/storage/rbd/pools.pp
+++ b/manifests/storage/rbd/pools.pp
@@ -86,6 +86,29 @@ class cloud::storage::rbd::pools(
         }
       }
 
+      $clients = ['glance', 'cinder']
+      @@concat::fragment { 'ceph-clients-os':
+        target  => '/etc/ceph/ceph.conf',
+        order   => '95',
+        content => template('cloud/storage/ceph/ceph-client.conf.erb')
+      }
+
+      if $::ceph_keyring_glance {
+        # NOTE(fc): Puppet needs to run a second time to enter this
+        @@ceph::key { $glance_user:
+          secret       => $::ceph_keyring_glance,
+          keyring_path => "/etc/ceph/ceph.client.${glance_user}.keyring"
+        }
+      }
+
+      if $::ceph_keyring_cinder {
+        # NOTE(fc): Puppet needs to run a second time to enter this
+        @@ceph::key { $cinder_user:
+          secret       => $::ceph_keyring_cinder,
+          keyring_path => "/etc/ceph/ceph.client.${cinder_user}.keyring"
+        }
+      }
+
 #exec { "create cinder backup pool":
 #TODO: point PG num with a cluster variable + keyring
 #  command => "/usr/bin/ceph osd pool create ${::cinder_backup_pool} 128 128",
diff --git a/manifests/volume/storage.pp b/manifests/volume/storage.pp
index 62d3f613..4ad936ae 100644
--- a/manifests/volume/storage.pp
+++ b/manifests/volume/storage.pp
@@ -34,4 +34,15 @@ class cloud::volume::storage(
     rbd_secret_uuid    => $cinder_rbd_secret_uuid
   }
 
+  Ceph::Key <<| title == $cinder_user |>>
+  if defined(Ceph::Key[$cinder_user]) {
+    file { '/etc/ceph/ceph.client.cinder.keyring':
+      owner   => 'cinder',
+      group   => 'cinder',
+      mode    => '0400',
+      require => Ceph::Key[$cinder_user]
+    }
+  }
+  Concat::Fragment <<| title == 'ceph-client-os' |>>
+
 }
diff --git a/templates/storage/ceph/ceph-client.conf.erb b/templates/storage/ceph/ceph-client.conf.erb
index 85c007e3..40c34408 100644
--- a/templates/storage/ceph/ceph-client.conf.erb
+++ b/templates/storage/ceph/ceph-client.conf.erb
@@ -1,6 +1,8 @@
+<% if @clients %>
 <% @clients.each do |client| %>
 
 [client.<%= @client %>]
     keyring = /etc/ceph/ceph.client.<%= @client %>.keyring
 
 <% end %>
+<% end %>