diff --git a/barbican/queue/keystone_listener.py b/barbican/queue/keystone_listener.py
index 53ebdd4e2..f80f0630c 100644
--- a/barbican/queue/keystone_listener.py
+++ b/barbican/queue/keystone_listener.py
@@ -20,6 +20,7 @@ import oslo_messaging
 from oslo_service import service
 
 from barbican.common import utils
+from barbican.model import repositories
 from barbican import queue
 from barbican.tasks import keystone_consumer
 
@@ -41,6 +42,7 @@ class NotificationTask(object):
 
     def __init__(self, conf):
         self.conf = conf
+        repositories.setup_database_engine_and_factory()
 
     def info(self, ctxt, publisher_id, event_type, payload, metadata):
         """Receives notification at info level."""
diff --git a/devstack/lib/barbican b/devstack/lib/barbican
index bac2411db..2e953eb4b 100644
--- a/devstack/lib/barbican
+++ b/devstack/lib/barbican
@@ -3,7 +3,7 @@
 # Install and start **Barbican** service
 
 # To enable a minimal set of Barbican features, add the following to localrc:
-#   enable_service barbican-svc barbican-retry
+#   enable_service barbican-svc barbican-retry barbican-keystone-listener
 #
 # Dependencies:
 # - functions
@@ -51,6 +51,10 @@ function is_barbican-svc_enabled {
     [[ ,${ENABLED_SERVICES} =~ ,"barbican" ]] && return 0
 }
 
+function is_barbican-keystone-listener_enabled {
+    [[ ,${ENABLED_SERVICES} =~ ,"barbican" ]] && return 0
+}
+
 # TODO(john-wood-w) Replace the above two functions with the one below once
 # Zuul is update per above.
 ## Test if any Barbican services are enabled
@@ -134,6 +138,13 @@ function configure_barbican {
     # Increase default request buffer size, keystone auth PKI tokens can be very long
     iniset $BARBICAN_CONF_DIR/vassals/barbican-api.ini uwsgi buffer-size 65535
 
+    # Rabbit settings
+    if is_service_enabled rabbit; then
+        iniset $BARBICAN_CONF DEFAULT transport_url rabbit://$RABBIT_USERID:$RABBIT_PASSWORD@$RABBIT_HOST:5672
+    else
+        echo_summary "Barbican requires that the RabbitMQ service is enabled"
+    fi
+
     write_uwsgi_config "$BARBICAN_UWSGI_CONF" "$BARBICAN_WSGI" "/key-manager"
     ## Set up keystone
 
@@ -142,6 +153,9 @@ function configure_barbican {
 
     # Set the keystone parameters
     configure_auth_token_middleware $BARBICAN_CONF barbican $BARBICAN_AUTH_CACHE_DIR
+
+    # Enable the keystone listener
+    iniset $BARBICAN_CONF keystone_notifications enable True
 }
 
 # init_barbican - Initialize etc.
@@ -185,6 +199,9 @@ function start_barbican {
 
     # Start the retry scheduler server up.
     run_process barbican-retry "$BARBICAN_BIN_DIR/barbican-retry --config-file=$BARBICAN_CONF_DIR/barbican.conf"
+
+    # Start the barbican-keystone-listener
+    run_process barbican-keystone-listener "$BARBICAN_BIN_DIR/barbican-keystone-listener --config-file=$BARBICAN_CONF_DIR/barbican.conf"
 }
 
 # stop_barbican - Stop running processes
@@ -199,6 +216,8 @@ function stop_barbican {
     stop_process barbican-svc
 
     stop_process barbican-retry
+
+    stop_process barbican-keystone-listener
 }
 
 function get_id {