diff --git a/ansible/roles/ceph/defaults/main.yml b/ansible/roles/ceph/defaults/main.yml
index 45dac9e84ff8abf101b5b001ee41bfe88f65fd47..e1f4ad1f529be9c68af695a96b781fd460d4d1c6 100644
--- a/ansible/roles/ceph/defaults/main.yml
+++ b/ansible/roles/ceph/defaults/main.yml
@@ -35,6 +35,8 @@ swift_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ rgw_p
 swift_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ rgw_port }}/swift/v1"
 swift_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ rgw_port }}/swift/v1"
 
+ceph_rgw_keystone_user: "ceph_rgw"
+
 openstack_swift_auth: "{{ openstack_auth }}"
 
 ####################
diff --git a/ansible/roles/ceph/tasks/start_rgw_keystone.yml b/ansible/roles/ceph/tasks/start_rgw_keystone.yml
index 6c845253d1e1ba516aadd39636b2c29ca2d421a2..d7cd0e16bccf3766425e0d758ad3aaad7d241892 100644
--- a/ansible/roles/ceph/tasks/start_rgw_keystone.yml
+++ b/ansible/roles/ceph/tasks/start_rgw_keystone.yml
@@ -23,3 +23,16 @@
     - {'interface': 'admin', 'url': '{{ swift_admin_endpoint }}'}
     - {'interface': 'internal', 'url': '{{ swift_internal_endpoint }}'}
     - {'interface': 'public', 'url': '{{ swift_public_endpoint }}'}
+
+- name: Registering keystone ceph_rgw user
+  kolla_toolbox:
+    module_name: kolla_keystone_user
+    module_args:
+      project: "service"
+      user: "{{ ceph_rgw_keystone_user }}"
+      password: "{{ ceph_rgw_keystone_password }}"
+      role: "admin"
+      region_name: "{{ openstack_region_name }}"
+      auth: "{{ '{{ openstack_ceph_rgw_auth }}' }}"
+    module_extra_vars:
+      openstack_ceph_rgw_auth: "{{ openstack_swift_auth }}"
diff --git a/ansible/roles/ceph/templates/ceph.conf.j2 b/ansible/roles/ceph/templates/ceph.conf.j2
index fa5222fc2431d475fc13fd489d311e149811fd4c..8df2dc0c77da465f1fca6489fa695b8050a8572a 100644
--- a/ansible/roles/ceph/templates/ceph.conf.j2
+++ b/ansible/roles/ceph/templates/ceph.conf.j2
@@ -34,9 +34,9 @@ host = {{ hostvars[inventory_hostname]['ansible_' + storage_interface]['ipv4']['
 rgw frontends = civetweb port={{ api_interface_address }}:{{ rgw_port }}
 {% if enable_ceph_rgw_keystone | bool %}
 rgw_keystone_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
-rgw_keystone_admin_user = {{ openstack_auth.username }}
-rgw_keystone_admin_password = {{ openstack_auth.password }}
-rgw_keystone_admin_project = {{ openstack_auth.project_name }}
+rgw_keystone_admin_user = {{ ceph_rgw_keystone_user }}
+rgw_keystone_admin_password = {{ ceph_rgw_keystone_password }}
+rgw_keystone_admin_project = service
 rgw_keystone_admin_domain = default
 rgw_keystone_api_version = 3
 rgw_keystone_accepted_roles = admin, {{ keystone_default_user_role }}
diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml
index 50b99c53514410bd3e9d2df58d5efa65cdcd8028..32b89cbe8be3c15cfc3d25caa9e79ac4e7ac79ad 100644
--- a/etc/kolla/passwords.yml
+++ b/etc/kolla/passwords.yml
@@ -5,6 +5,7 @@
 # These options must be UUID4 values in string format
 # XXXXXXXX-XXXX-4XXX-XXXX-XXXXXXXXXXXX
 ceph_cluster_fsid:
+ceph_rgw_keystone_password:
 # for backward compatible consideration, rbd_secret_uuid is only used for nova,
 # cinder_rbd_secret_uuid is used for cinder
 rbd_secret_uuid:
diff --git a/releasenotes/notes/ceph-rgw-keystone-user-d084c3ebdc9528c7.yaml b/releasenotes/notes/ceph-rgw-keystone-user-d084c3ebdc9528c7.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..9bc8a2a192d51683ada73daba2874f0a48bd606b
--- /dev/null
+++ b/releasenotes/notes/ceph-rgw-keystone-user-d084c3ebdc9528c7.yaml
@@ -0,0 +1,5 @@
+---
+upgrade:
+  - |
+    ceph_rgw_keystone_password is required in passwords.yml file. And ceph-rgw
+    depends on a separate user rather than keystone admin user now.