diff --git a/provision-keystone-apb/tasks/hiera.yaml b/provision-keystone-apb/tasks/hiera.yaml
new file mode 100644
index 0000000..a75d39b
--- /dev/null
+++ b/provision-keystone-apb/tasks/hiera.yaml
@@ -0,0 +1,45 @@
+- name: Translate hieradata
+  include_role:
+    name: 'ansible-role-k8s-tripleo'
+  vars:
+    hieradata:
+    schema:
+      keystone::admin_token: DEFAULT.admin_token
+      keystone::admin_workers: eventlet_server.admin_workers
+      keystone::public_workers: eventlet_server.public_workers
+      keystone::public_bind_host: eventlet_server.public_bind_host
+      keystone::admin_bind_host: eventlet_server.admin_bind_host
+      keystone::public_endpoint: DEFAULT.admin_bind_host
+
+      keystone_ca_certificate: signing.ca_certs
+      keystone_signing_key: signing.keyfile
+      keystone_signing_certificate: signing.certfile
+      keystone::database_connection: database.connection
+      keystone::token_expiration: token.expiration
+      keystone::fernet_max_active_keys: fernet_tokens.max_active_keys
+
+      keystone::wsgi::apache::ssl: ssl.enable
+
+      keystone::notification_driver: oslo_messaging_notifications.driver
+      keystone::notification_topics: oslo_messaging_notifications.topics
+
+      keystone::rabbit_userid: oslo_messaging_rabbit.rabbit_userid
+      keystone::rabbit_password: oslo_messaging_rabbit.rabbit_password
+      keystone::rabbit_host: oslo_messaging_rabbit.rabbit_host
+    fact_variable: 'keystone_config'
+
+#     keystone::admin_password: DEFAULT.admin_password ?
+#      keystone::service_name: 'httpd'
+#      keystone::cron::token_flush::destination: '/dev/null'
+#      keystone::roles::admin::password: 211937d10baf281179d64c64533af6fcc1aa7475
+#      keystone::roles::admin::email: 'root@localhost'
+#      keystone::roles::admin::admin_tenant: 'admin'
+#      keystone::roles::admin::service_tenant: 'service'
+#      keystone::endpoint::public_url: http://192.168.24.1:5000
+#      keystone::endpoint::internal_url: http://192.168.24.1:5000
+#      keystone::endpoint::admin_url: "%{hiera('keystone_identity_uri')}"
+#      keystone::endpoint::region: "%{hiera('keystone_region')}"
+#      keystone::endpoint::version: ''
+#      keystone::wsgi::apache::bind_host: 192.168.24.1
+#      keystone::enable_credential_setup: true
+#      keystone::fernet_max_active_keys: 2