diff --git a/armada/handlers/document.py b/armada/handlers/document.py
index d16a6f81..4b28d78e 100644
--- a/armada/handlers/document.py
+++ b/armada/handlers/document.py
@@ -20,7 +20,7 @@ import requests
 from oslo_log import log as logging
 
 from armada.exceptions.source_exceptions import InvalidPathException
-from armada.utils.keystone import KeystoneUtils
+from armada.utils import keystone as ks_utils
 
 LOG = logging.getLogger(__name__)
 
@@ -119,7 +119,7 @@ class ReferenceResolver(object):
         :param design_uri: Tuple as returned by urllib.parse for the design
                            reference
         """
-        ks_sess = KeystoneUtils.get_session()
+        ks_sess = ks_utils.get_keystone_session()
         (new_scheme, foo) = re.subn('^[^+]+\+', '', design_uri.scheme)
         url = urllib.parse.urlunparse(
             (new_scheme, design_uri.netloc, design_uri.path, design_uri.params,
diff --git a/armada/utils/keystone.py b/armada/utils/keystone.py
index 13dda4a5..33f48c0c 100644
--- a/armada/utils/keystone.py
+++ b/armada/utils/keystone.py
@@ -1,4 +1,4 @@
-# Copyright 2017 AT&T Intellectual Property.  All other rights reserved.
+# Copyright 2018 AT&T Intellectual Property.  All other rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -11,54 +11,11 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-"""Utility functions for accessing Openstack Keystone."""
 
-import os
-
-from keystoneauth1.identity import v3
-from keystoneauth1 import session
+from keystoneauth1 import loading
 from oslo_config import cfg
 
 
-CONF = cfg.CONF
-
-
-class KeystoneUtils(object):
-    """Utility methods for using Keystone."""
-
-    @staticmethod
-    def get_session():
-        """Get an initialized keystone session.
-
-        Authentication is based on the keystone_authtoken
-        section of the config file primarily. If that fails
-        then attempt to create a session from environmental
-        variables. This is for cases of the CLI needing
-        a token.
-        """
-        auth_info = dict()
-        auth_fields = ['auth_url', 'username', 'password', 'project_id',
-                       'user_domain_name']
-        try:
-            for f in auth_fields:
-                auth_info[f] = getattr(CONF.keystone_authtoken, f)
-            auth = v3.Password(**auth_info)
-            ks_session = session.Session(auth=auth)
-            # Test the session
-            ks_session.get_auth_headers()
-        except Exception:  # nosec this isn't a security issue
-            pass
-        else:
-            return ks_session
-
-        try:
-            for f in auth_fields:
-                auth_info[f] = os.environ.get('os_{}'.format(f).upper())
-            auth = v3.Password(**auth_info)
-            ks_session = session.Session(auth=auth)
-            # Test the session
-            ks_session.get_auth_headers()
-        except Exception:
-            raise Exception('Missing credential information for Keystone.')
-
-        return ks_session
+def get_keystone_session():
+    return loading.load_session_from_conf_options(
+        cfg.CONF, group="keystone_authtoken")