diff --git a/castellan/key_manager/barbican_key_manager.py b/castellan/key_manager/barbican_key_manager.py
index bc756de1..9db45f7f 100644
--- a/castellan/key_manager/barbican_key_manager.py
+++ b/castellan/key_manager/barbican_key_manager.py
@@ -175,13 +175,16 @@ class BarbicanKeyManager(key_manager.KeyManager):
         # this will be kept for oslo.context compatibility until
         # projects begin to use utils.credential_factory
         elif context.__class__.__name__ is 'RequestContext':
-            return identity.Token(
-                auth_url=self.conf.barbican.auth_endpoint,
-                token=context.auth_token,
-                project_id=context.project_id,
-                project_name=context.project_name,
-                project_domain_id=context.project_domain_id,
-                project_domain_name=context.project_domain_name)
+            if getattr(context, 'get_auth_plugin', None):
+                return context.get_auth_plugin()
+            else:
+                return identity.Token(
+                    auth_url=self.conf.barbican.auth_endpoint,
+                    token=context.auth_token,
+                    project_id=context.project_id,
+                    project_name=context.project_name,
+                    project_domain_id=context.project_domain_id,
+                    project_domain_name=context.project_domain_name)
         else:
             msg = _("context must be of type KeystonePassword, "
                     "KeystoneToken, or RequestContext.")
@@ -192,6 +195,10 @@ class BarbicanKeyManager(key_manager.KeyManager):
         barbican = self.conf.barbican
         if barbican.barbican_endpoint:
             return barbican.barbican_endpoint
+        elif getattr(auth, 'service_catalog', None):
+            endpoint_data = auth.service_catalog.endpoint_data_for(
+                service_type='key-manager')
+            return endpoint_data.url
         else:
             service_parameters = {'service_type': 'key-manager',
                                   'service_name': 'barbican',
@@ -199,9 +206,14 @@ class BarbicanKeyManager(key_manager.KeyManager):
             return auth.get_endpoint(sess, **service_parameters)
 
     def _create_base_url(self, auth, sess, endpoint):
+        api_version = None
         if self.conf.barbican.barbican_api_version:
             api_version = self.conf.barbican.barbican_api_version
-        else:
+        elif getattr(auth, 'service_catalog', None):
+            endpoint_data = auth.service_catalog.endpoint_data_for(
+                service_type='key-manager')
+            api_version = endpoint_data.api_version
+        elif getattr(auth, 'get_discovery', None):
             discovery = auth.get_discovery(sess, url=endpoint)
             raw_data = discovery.raw_version_data()
             if len(raw_data) == 0:
diff --git a/castellan/tests/unit/key_manager/test_barbican_key_manager.py b/castellan/tests/unit/key_manager/test_barbican_key_manager.py
index d4fe6829..36e842da 100644
--- a/castellan/tests/unit/key_manager/test_barbican_key_manager.py
+++ b/castellan/tests/unit/key_manager/test_barbican_key_manager.py
@@ -94,6 +94,54 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
                                                  endpoint)
         self.assertEqual(endpoint + "/" + version, base_url)
 
+    def test_base_url_service_catalog(self):
+        endpoint_data = mock.Mock()
+        endpoint_data.api_version = 'v321'
+
+        auth = mock.Mock(spec=['service_catalog'])
+        auth.service_catalog.endpoint_data_for.return_value = endpoint_data
+
+        endpoint = "http://localhost/key_manager"
+
+        base_url = self.key_mgr._create_base_url(auth,
+                                                 mock.Mock(),
+                                                 endpoint)
+        self.assertEqual(endpoint + "/" + endpoint_data.api_version, base_url)
+        auth.service_catalog.endpoint_data_for.assert_called_once_with(
+            service_type='key-manager')
+
+    def test_base_url_raise_exception(self):
+        auth = mock.Mock(spec=['get_discovery'])
+        sess = mock.Mock()
+        discovery = mock.Mock()
+        discovery.raw_version_data = mock.Mock(return_value=[])
+        auth.get_discovery = mock.Mock(return_value=discovery)
+
+        endpoint = "http://localhost/key_manager"
+
+        self.assertRaises(exception.KeyManagerError,
+                          self.key_mgr._create_base_url,
+                          auth, sess, endpoint)
+        auth.get_discovery.asser_called_once_with(sess, url=endpoint)
+        self.assertEqual(1, discovery.raw_version_data.call_count)
+
+    def test_base_url_get_discovery(self):
+        version = 'v100500'
+        auth = mock.Mock(spec=['get_discovery'])
+        sess = mock.Mock()
+        discovery = mock.Mock()
+        auth.get_discovery = mock.Mock(return_value=discovery)
+        discovery.raw_version_data = mock.Mock(return_value=[{'id': version}])
+
+        endpoint = "http://localhost/key_manager"
+
+        base_url = self.key_mgr._create_base_url(auth,
+                                                 mock.Mock(),
+                                                 endpoint)
+        self.assertEqual(endpoint + "/" + version, base_url)
+        auth.get_discovery.asser_called_once_with(sess, url=endpoint)
+        self.assertEqual(1, discovery.raw_version_data.call_count)
+
     def test_create_key(self):
         # Create order_ref_url and assign return value
         order_ref_url = ("http://localhost:9311/v1/orders/"