diff --git a/keystone/credential/controllers.py b/keystone/credential/controllers.py
index 8d63933caf..de9752dc86 100644
--- a/keystone/credential/controllers.py
+++ b/keystone/credential/controllers.py
@@ -66,15 +66,29 @@ class CredentialV3(controller.V3Controller):
         ref = self.credential_api.create_credential(ref['id'], ref)
         return CredentialV3.wrap_member(context, ref)
 
+    @staticmethod
+    def _blob_to_json(ref):
+        # credentials stored via ec2tokens before the fix for #1259584
+        # need json serializing, as that's the documented API format
+        blob = ref.get('blob')
+        if isinstance(blob, dict):
+            new_ref = ref.copy()
+            new_ref['blob'] = json.dumps(blob)
+            return new_ref
+        else:
+            return ref
+
     @controller.protected()
     def list_credentials(self, context):
         refs = self.credential_api.list_credentials()
-        return CredentialV3.wrap_collection(context, refs)
+        ret_refs = [self._blob_to_json(r) for r in refs]
+        return CredentialV3.wrap_collection(context, ret_refs)
 
     @controller.protected()
     def get_credential(self, context, credential_id):
         ref = self.credential_api.get_credential(credential_id)
-        return CredentialV3.wrap_member(context, ref)
+        ret_ref = self._blob_to_json(ref)
+        return CredentialV3.wrap_member(context, ret_ref)
 
     @controller.protected()
     def update_credential(self, context, credential_id, credential):
diff --git a/keystone/tests/test_v3_credential.py b/keystone/tests/test_v3_credential.py
index a9735075bf..a2a5bd2815 100644
--- a/keystone/tests/test_v3_credential.py
+++ b/keystone/tests/test_v3_credential.py
@@ -142,6 +142,27 @@ class CredentialTestCase(CredentialBaseTestCase):
             '/credentials',
             body={'credential': ref}, expected_status=409)
 
+    def test_get_ec2_dict_blob(self):
+        """Ensure non-JSON blob data is correctly converted."""
+        expected_blob, credential_id = self._create_dict_blob_credential()
+
+        r = self.get(
+            '/credentials/%(credential_id)s' % {
+                'credential_id': credential_id})
+        self.assertEqual(expected_blob, r.result['credential']['blob'])
+
+    def test_list_ec2_dict_blob(self):
+        """Ensure non-JSON blob data is correctly converted."""
+        expected_blob, credential_id = self._create_dict_blob_credential()
+
+        list_r = self.get('/credentials')
+        list_creds = list_r.result['credentials']
+        list_ids = [r['id'] for r in list_creds]
+        self.assertIn(credential_id, list_ids)
+        for r in list_creds:
+            if r['id'] == credential_id:
+                self.assertEqual(expected_blob, r['blob'])
+
     def test_create_non_ec2_credential(self):
         """Call ``POST /credentials`` for creating non-ec2 credential."""
         ref = self.new_credential_ref(user_id=self.user['id'])