diff --git a/capabilities-map.yaml b/capabilities-map.yaml
index 85c327c125..947ba8b618 100644
--- a/capabilities-map.yaml
+++ b/capabilities-map.yaml
@@ -597,3 +597,8 @@ topics:
         environments:
           - file: environments/cadf.yaml
             title: Keystone CADF auditing
+      - title: SecureTTY Values
+        description: Set values within /etc/securetty
+        environments:
+          - file: environments/securetty.yaml
+            title: SecureTTY Values
diff --git a/ci/environments/scenario001-multinode.yaml b/ci/environments/scenario001-multinode.yaml
index 63e51e2913..5dd1f0f627 100644
--- a/ci/environments/scenario001-multinode.yaml
+++ b/ci/environments/scenario001-multinode.yaml
@@ -51,6 +51,7 @@ parameter_defaults:
     - OS::TripleO::Services::Ntp
     - OS::TripleO::Services::Snmp
     - OS::TripleO::Services::Sshd
+    - OS::TripleO::Services::Securetty
     - OS::TripleO::Services::Timezone
     - OS::TripleO::Services::NovaCompute
     - OS::TripleO::Services::NovaLibvirt
@@ -124,3 +125,11 @@ parameter_defaults:
   MonitoringRabbitHost: 127.0.0.1
   MonitoringRabbitPort: 5676
   MonitoringRabbitPassword: sensu
+  TtyValues:
+    - console
+    - tty1
+    - tty2
+    - tty3
+    - tty4
+    - tty5
+    - tty6
diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml
index 8f74ec35d1..7b778aad9e 100644
--- a/environments/hyperconverged-ceph.yaml
+++ b/environments/hyperconverged-ceph.yaml
@@ -13,6 +13,7 @@ parameter_defaults:
     - OS::TripleO::Services::Ntp
     - OS::TripleO::Services::Snmp
     - OS::TripleO::Services::Sshd
+    - OS::TripleO::Services::Securetty
     - OS::TripleO::Services::NovaCompute
     - OS::TripleO::Services::NovaLibvirt
     - OS::TripleO::Services::Kernel
diff --git a/environments/securetty.yaml b/environments/securetty.yaml
new file mode 100644
index 0000000000..cdadf37685
--- /dev/null
+++ b/environments/securetty.yaml
@@ -0,0 +1,12 @@
+resource_registry:
+  OS::TripleO::Services::Securetty: ../puppet/services/securetty.yaml
+
+parameter_defaults:
+  TtyValues:
+    - console
+    - tty1
+    - tty2
+    - tty3
+    - tty4
+    - tty5
+    - tty6
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index a7c9b0a6ed..a97ae2960d 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -178,6 +178,7 @@ resource_registry:
   OS::TripleO::Services::SaharaApi: OS::Heat::None
   OS::TripleO::Services::SaharaEngine: OS::Heat::None
   OS::TripleO::Services::Sshd: OS::Heat::None
+  OS::TripleO::Services::Securetty: OS::Heat::None
   OS::TripleO::Services::Redis: puppet/services/database/redis.yaml
   OS::TripleO::Services::NovaConductor: puppet/services/nova-conductor.yaml
   OS::TripleO::Services::MongoDb: puppet/services/database/mongodb.yaml
diff --git a/puppet/services/securetty.yaml b/puppet/services/securetty.yaml
new file mode 100644
index 0000000000..6d32fe8223
--- /dev/null
+++ b/puppet/services/securetty.yaml
@@ -0,0 +1,36 @@
+heat_template_version: ocata
+
+description: >
+  Configure securetty values
+
+parameters:
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  TtyValues:
+    default: {}
+    description: Configures console values in securetty
+    type: json
+    constraints:
+      - length: { min: 1}
+
+outputs:
+  role_data:
+    description: Console data for the securetty
+    value:
+      service_name: securetty
+      config_settings:
+        tripleo::profile::base::securetty::tty_list: {get_param: TtyValues}
+      step_config: |
+        include ::tripleo::profile::base::securetty
diff --git a/roles_data.yaml b/roles_data.yaml
index 780c9c9387..f0ba5f81e9 100644
--- a/roles_data.yaml
+++ b/roles_data.yaml
@@ -82,6 +82,7 @@
     - OS::TripleO::Services::SwiftRingBuilder
     - OS::TripleO::Services::Snmp
     - OS::TripleO::Services::Sshd
+    - OS::TripleO::Services::Securetty
     - OS::TripleO::Services::Timezone
     - OS::TripleO::Services::CeilometerApi
     - OS::TripleO::Services::CeilometerCollector
@@ -144,6 +145,7 @@
     - OS::TripleO::Services::Ntp
     - OS::TripleO::Services::Snmp
     - OS::TripleO::Services::Sshd
+    - OS::TripleO::Services::Securetty
     - OS::TripleO::Services::NovaCompute
     - OS::TripleO::Services::NovaLibvirt
     - OS::TripleO::Services::Kernel
@@ -173,6 +175,7 @@
     - OS::TripleO::Services::Timezone
     - OS::TripleO::Services::Snmp
     - OS::TripleO::Services::Sshd
+    - OS::TripleO::Services::Securetty
     - OS::TripleO::Services::TripleoPackages
     - OS::TripleO::Services::TripleoFirewall
     - OS::TripleO::Services::SensuClient
@@ -192,6 +195,7 @@
     - OS::TripleO::Services::SwiftRingBuilder
     - OS::TripleO::Services::Snmp
     - OS::TripleO::Services::Sshd
+    - OS::TripleO::Services::Securetty
     - OS::TripleO::Services::Timezone
     - OS::TripleO::Services::TripleoPackages
     - OS::TripleO::Services::TripleoFirewall
@@ -210,6 +214,7 @@
     - OS::TripleO::Services::Ntp
     - OS::TripleO::Services::Snmp
     - OS::TripleO::Services::Sshd
+    - OS::TripleO::Services::Securetty
     - OS::TripleO::Services::Timezone
     - OS::TripleO::Services::TripleoPackages
     - OS::TripleO::Services::TripleoFirewall