diff --git a/README.md b/README.md
index 7fe0e104..e11cc7f1 100644
--- a/README.md
+++ b/README.md
@@ -295,6 +295,12 @@ Bare Metal Configuration Attributes
   `openstack['compute']['config']['reserved_host_memory_mb']`
 * `openstack['compute']['scheduler']['baremetal_default_filters']` A list of filters enabled for baremetal schedulers that support them.
 
+Keymgr Configuration Attributes
+-------------------------------
+
+* `openstack["compute"]["keymgr"]["api_class"] - the full class name of the key manager API class.
+* `openstack["compute"]["keymgr"]["fixed_key"] - the fixed key returned by key manager, specified in hex (string value).
+
 Scheduler Configuration Attributes
 ----------------------------------
 
diff --git a/attributes/default.rb b/attributes/default.rb
index 315cf941..43559e3f 100644
--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -634,6 +634,10 @@ default['openstack']['compute']['vmware']['integration_bridge'] = 'br-int'
 default['openstack']['compute']['bare-metal']['admin_username'] = 'ironic'
 default['openstack']['compute']['bare-metal']['admin_tenant_name'] = 'service'
 
+# Keymgr options
+default['openstack']['compute']['keymgr']['api_class'] = 'nova.keymgr.conf_key_mgr.ConfKeyManager'
+default['openstack']['compute']['keymgr']['fixed_key'] = nil
+
 # Boolean to decide whether to use baremetal_scheduler_default_filters or not.
 default['openstack']['compute']['scheduler']['use_baremetal_filters'] = false
 
diff --git a/spec/nova-common_spec.rb b/spec/nova-common_spec.rb
index ef6ec5d6..81e99284 100644
--- a/spec/nova-common_spec.rb
+++ b/spec/nova-common_spec.rb
@@ -602,6 +602,20 @@ describe 'openstack-compute::nova-common' do
           .with_section_content('libvirt', /^disk_cachemodes=disk:writethrough$/)
       end
 
+      it 'has keymgr api_class attribute default set' do
+        expect(chef_run).to render_config_file(file.name).with_section_content('keymgr', /^api_class=nova.keymgr.conf_key_mgr.ConfKeyManager$/)
+      end
+
+      it 'does not have keymgr attribute fixed_key set by default' do
+        expect(chef_run).not_to render_file(file.name).with_content(/^fixed_key=$/)
+      end
+
+      it 'allow override for keymgr attribute fixed_key' do
+        chef_run.node.set['openstack']['compute']['keymgr']['fixed_key'] = '1111111111111111111111111111111111111111111111111111111111111111'
+        expect(chef_run).to render_config_file(file.name)\
+          .with_section_content('keymgr', /^fixed_key=1111111111111111111111111111111111111111111111111111111111111111$/)
+      end
+
       context 'metering' do
         describe 'metering disabled' do
           it 'leaves default audit options' do
diff --git a/templates/default/nova.conf.erb b/templates/default/nova.conf.erb
index ec1df585..ead52aff 100644
--- a/templates/default/nova.conf.erb
+++ b/templates/default/nova.conf.erb
@@ -798,6 +798,23 @@ admin_url=<%= @identity_endpoint.to_s %>
 # Ironic keystone tenant name. (string value)
 admin_tenant_name=<%= node['openstack']['compute']['bare-metal']['admin_tenant_name'] %>
 
+[keymgr]
+
+#
+#Options defined in nova.keymgr
+#
+
+#The full class name of the key manager API class (string value)
+api_class=<%= node["openstack"]["compute"]["keymgr"]["api_class"] %>
+
+#
+# Options defined in nova.keymgr.conf_key_mgr
+#
+
+# Fixed key returned by key manager, specified in hex (string value)
+<% if node["openstack"]["compute"]["keymgr"]["fixed_key"] -%>
+fixed_key=<%= node["openstack"]["compute"]["keymgr"]["fixed_key"] %>
+<% end -%>
 
 [oslo_concurrency]