diff --git a/manifests/api.pp b/manifests/api.pp
index 92acc7f6..5930e8a0 100644
--- a/manifests/api.pp
+++ b/manifests/api.pp
@@ -436,13 +436,21 @@ class barbican::api (
       # Debian is using UWSGI, not gunicorn
       if $facts['os']['name'] != 'Debian' {
         file_line { 'Modify bind_port in gunicorn-config.py':
-          path  => '/etc/barbican/gunicorn-config.py',
-          line  => "bind = '${bind_host}:${bind_port}'",
-          match => '^bind = .*',
-          tag   => 'modify-bind-port',
+          path    => '/etc/barbican/gunicorn-config.py',
+          line    => "bind = '${bind_host}:${bind_port}'",
+          match   => '^bind = .*',
+          tag     => 'modify-bind-port',
+          require => Anchor['barbican::config::begin'],
+          before  => Anchor['barbican::config::end'],
+          notify  => Service['barbican-api'],
         }
       }
 
+      # On any paste-api.ini config change, we must restart Barbican API.
+      Barbican_api_paste_ini<||> ~> Service['barbican-api']
+      # On any uwsgi config change, we must restart Barbican API.
+      Barbican_api_uwsgi_config<||> ~> Service['barbican-api']
+
     } elsif $service_name == 'httpd' {
       # Ubuntu packages does not have a barbican-api service
       if $facts['os']['name'] != 'Ubuntu' {
@@ -456,7 +464,12 @@ class barbican::api (
 
         # we need to make sure barbican-api is stopped before trying to start apache
         Service['barbican-api'] -> Service[$service_name]
+
       }
+
+      # On any paste-api.ini config change, we must restart Barbican API.
+      Barbican_api_paste_ini<||> ~> Service[$service_name]
+
     } else {
       fail('Invalid service_name.')
     }
diff --git a/manifests/db.pp b/manifests/db.pp
index a34362c3..c45d7d33 100644
--- a/manifests/db.pp
+++ b/manifests/db.pp
@@ -87,4 +87,7 @@ class barbican::db (
     'DEFAULT/sql_pool_max_overflow': value => $database_max_overflow;
   }
 
+  # all db settings should be applied and all packages should be installed
+  # before dbsync starts
+  Oslo::Db['barbican_config'] -> Anchor['barbican::dbsync::begin']
 }
diff --git a/manifests/deps.pp b/manifests/deps.pp
index e16717a4..a20dc6f5 100644
--- a/manifests/deps.pp
+++ b/manifests/deps.pp
@@ -24,29 +24,13 @@ class barbican::deps {
   ~> Service<| tag == 'barbican-service' |>
   ~> anchor { 'barbican::service::end': }
 
-  # all db settings should be applied and all packages should be installed
-  # before dbsync starts
-  Oslo::Db<||> -> Anchor['barbican::dbsync::begin']
-
-  # policy config should occur in the config block also.
-  Anchor['barbican::config::begin']
-  -> Openstacklib::Policy<| tag == 'barbican' |>
-  -> Anchor['barbican::config::end']
-
-  # barbican-api-paste.ini config should occur in the config block also.
   Anchor['barbican::config::begin']
   -> Barbican_api_paste_ini<||>
-  ~> Anchor['barbican::config::end']
+  -> Anchor['barbican::config::end']
 
-  # On any uwsgi config change, we must restart Barbican API.
   Anchor['barbican::config::begin']
   -> Barbican_api_uwsgi_config<||>
-  ~> Anchor['barbican::config::end']
-
-  # Ensure files are modified in the config block
-  Anchor['barbican::config::begin']
-  -> File_line<| tag == 'modify-bind-port' |>
-  ~> Anchor['barbican::config::end']
+  -> Anchor['barbican::config::end']
 
   # Installation or config changes will always restart services.
   Anchor['barbican::install::end'] ~> Anchor['barbican::service::begin']
diff --git a/manifests/keystone/authtoken.pp b/manifests/keystone/authtoken.pp
index 6d15cecf..92798cb5 100644
--- a/manifests/keystone/authtoken.pp
+++ b/manifests/keystone/authtoken.pp
@@ -279,4 +279,6 @@ class barbican::keystone::authtoken(
       service_type                   => $service_type,
       interface                      => $interface;
   }
+
+  Keystone::Resource::Authtoken['barbican_config'] -> Anchor['barbican::config::end']
 }
diff --git a/manifests/policy.pp b/manifests/policy.pp
index 65f907db..5e328bbe 100644
--- a/manifests/policy.pp
+++ b/manifests/policy.pp
@@ -65,11 +65,15 @@ class barbican::policy (
     file_group   => $::barbican::params::group,
     file_format  => 'yaml',
     purge_config => $purge_config,
-    tag          => 'barbican',
   }
 
   create_resources('openstacklib::policy', { $policy_path => $policy_parameters })
 
+  # policy config should occur in the config block also.
+  Anchor['barbican::config::begin']
+  -> Openstacklib::Policy[$policy_path]
+  -> Anchor['barbican::config::end']
+
   oslo::policy { 'barbican_config':
     enforce_scope        => $enforce_scope,
     enforce_new_defaults => $enforce_new_defaults,
@@ -77,5 +81,4 @@ class barbican::policy (
     policy_default_rule  => $policy_default_rule,
     policy_dirs          => $policy_dirs,
   }
-
 }
diff --git a/spec/classes/barbican_policy_spec.rb b/spec/classes/barbican_policy_spec.rb
index f047ef7c..b115db57 100644
--- a/spec/classes/barbican_policy_spec.rb
+++ b/spec/classes/barbican_policy_spec.rb
@@ -33,7 +33,6 @@ describe 'barbican::policy' do
           :file_group   => 'barbican',
           :file_format  => 'yaml',
           :purge_config => false,
-          :tag          => 'barbican',
         )
         is_expected.to contain_oslo__policy('barbican_config').with(
           :enforce_scope        => false,
@@ -64,7 +63,6 @@ describe 'barbican::policy' do
           :file_group   => 'barbican',
           :file_format  => 'yaml',
           :purge_config => true,
-          :tag          => 'barbican',
         )
         is_expected.to contain_oslo__policy('barbican_config').with(
           :enforce_scope        => false,