diff --git a/castellan/key_manager/barbican_key_manager.py b/castellan/key_manager/barbican_key_manager.py
index e3157506..a9c14a1d 100644
--- a/castellan/key_manager/barbican_key_manager.py
+++ b/castellan/key_manager/barbican_key_manager.py
@@ -22,8 +22,9 @@ import time
 from cryptography.hazmat import backends
 from cryptography.hazmat.primitives import serialization
 from cryptography import x509 as cryptography_x509
-from keystoneclient.auth import identity
-from keystoneclient import session
+from keystoneauth1 import identity
+from keystoneauth1 import loading
+from keystoneauth1 import session
 from oslo_config import cfg
 from oslo_log import log as logging
 from oslo_utils import excutils
@@ -85,7 +86,7 @@ class BarbicanKeyManager(key_manager.KeyManager):
         self._base_url = None
         self.conf = configuration
         self.conf.register_opts(barbican_opts, group=BARBICAN_OPT_GROUP)
-        session.Session.register_conf_options(self.conf, BARBICAN_OPT_GROUP)
+        loading.register_session_conf_options(self.conf, BARBICAN_OPT_GROUP)
 
     def _get_barbican_client(self, context):
         """Creates a client to connect to the Barbican service.
@@ -130,7 +131,7 @@ class BarbicanKeyManager(key_manager.KeyManager):
         auth_url = self.conf.barbican.auth_endpoint
 
         if context.__class__.__name__ is 'KeystonePassword':
-            return identity.v3.Password(
+            return identity.V3Password(
                 auth_url=auth_url,
                 username=context.username,
                 password=context.password,
@@ -146,7 +147,7 @@ class BarbicanKeyManager(key_manager.KeyManager):
                 project_domain_name=context.project_domain_name,
                 reauthenticate=context.reauthenticate)
         elif context.__class__.__name__ is 'KeystoneToken':
-            return identity.v3.Token(
+            return identity.V3Token(
                 auth_url=auth_url,
                 token=context.token,
                 trust_id=context.trust_id,
@@ -160,7 +161,7 @@ class BarbicanKeyManager(key_manager.KeyManager):
         # this will be kept for oslo.context compatibility until
         # projects begin to use utils.credential_factory
         elif context.__class__.__name__ is 'RequestContext':
-            return identity.v3.Token(
+            return identity.V3Token(
                 auth_url=auth_url,
                 token=context.auth_token,
                 project_id=context.tenant)
diff --git a/castellan/tests/functional/key_manager/test_barbican_key_manager.py b/castellan/tests/functional/key_manager/test_barbican_key_manager.py
index 13fde2b0..a2ac2fe9 100644
--- a/castellan/tests/functional/key_manager/test_barbican_key_manager.py
+++ b/castellan/tests/functional/key_manager/test_barbican_key_manager.py
@@ -21,9 +21,8 @@ Note: This requires local running instances of Barbican and Keystone.
 import abc
 import uuid
 
-from keystoneclient.auth.identity import v3
-from keystoneclient import session
-from keystoneclient.v3 import client
+from keystoneauth1 import identity
+from keystoneauth1 import session
 from oslo_config import cfg
 from oslo_context import context
 from oslotest import base
@@ -113,22 +112,16 @@ class BarbicanKeyManagerOSLOContextTestCase(BarbicanKeyManagerTestCase,
         user_domain_name = CONF.identity.user_domain_name
         project_domain_name = CONF.identity.project_domain_name
 
-        auth = v3.Password(auth_url=auth_url,
-                           username=username,
-                           password=password,
-                           project_name=project_name,
-                           user_domain_name=user_domain_name,
-                           project_domain_name=project_domain_name)
+        auth = identity.V3Password(auth_url=auth_url,
+                                   username=username,
+                                   password=password,
+                                   project_name=project_name,
+                                   user_domain_name=user_domain_name,
+                                   project_domain_name=project_domain_name)
         sess = session.Session(auth=auth)
-        keystone_client = client.Client(session=sess)
 
-        project_list = keystone_client.projects.list(name=project_name)
-
-        ctxt = context.RequestContext(
-            auth_token=auth.auth_ref.auth_token,
-            tenant=project_list[0].id)
-
-        return ctxt
+        return context.RequestContext(auth_token=auth.get_token(sess),
+                                      tenant=auth.get_project_id(sess))
 
 
 class BarbicanKeyManagerKSPasswordTestCase(BarbicanKeyManagerTestCase,
@@ -161,19 +154,14 @@ class BarbicanKeyManagerKSTokenTestCase(BarbicanKeyManagerTestCase,
         user_domain_name = CONF.identity.user_domain_name
         project_domain_name = CONF.identity.project_domain_name
 
-        auth = v3.Password(auth_url=auth_url,
-                           username=username,
-                           password=password,
-                           project_name=project_name,
-                           user_domain_name=user_domain_name,
-                           project_domain_name=project_domain_name)
-        sess = session.Session(auth=auth)
-        keystone_client = client.Client(session=sess)
+        auth = identity.V3Password(auth_url=auth_url,
+                                   username=username,
+                                   password=password,
+                                   project_name=project_name,
+                                   user_domain_name=user_domain_name,
+                                   project_domain_name=project_domain_name)
+        sess = session.Session()
 
-        project_list = keystone_client.projects.list(name=project_name)
-
-        ctxt = keystone_token.KeystoneToken(
-            token=auth.auth_ref.auth_token,
-            project_id=project_list[0].id)
-
-        return ctxt
+        return keystone_token.KeystoneToken(
+            token=auth.get_token(sess),
+            project_id=auth.get_project_id(sess))
diff --git a/doc/source/usage.rst b/doc/source/usage.rst
index ca438558..b1508a20 100644
--- a/doc/source/usage.rst
+++ b/doc/source/usage.rst
@@ -52,7 +52,7 @@ provided.
 .. note::
 
   Keystone Token and Password authentication is achieved using
-  keystoneclient.auth.identity.v3 Token and Password auth plugins.
+  keystoneauth1.identity Token and Password auth plugins.
   There are a variety of different variables which can be set for the
   keystone credential options.
 
@@ -88,23 +88,23 @@ that is being abstracted.
 
 .. code:: python
 
-    from keystoneclient.v3 import client
+    from keystoneauth1 import identity
+    from keystoneauth1 import session
     from oslo_context import context
 
     username = 'admin'
     password = 'openstack'
     project_name = 'admin'
-    auth_url = 'http://localhost:5000/v3'
-    keystone_client = client.Client(username=username,
-                                    password=password,
-                                    project_name=project_name,
-                                    auth_url=auth_url,
-                                    project_domain_id='default')
+    auth_url = 'http://localhost:5000/'
+    auth = identity.Password(auth_url=auth_url,
+                             username=username,
+                             password=password,
+                             project_name=project_name,
+                             default_domain_id='default')
+    sess = session.Session()
 
-    project_list = keystone_client.projects.list(name=project_name)
-
-    ctxt = context.RequestContext(auth_token=keystone_client.auth_token,
-                                  tenant=project_list[0].id)
+    ctxt = context.RequestContext(auth_token=auth.get_token(sess),
+                                  tenant=auth.get_project_id(sess))
 
 ctxt can then be passed into any key_manager api call.