diff --git a/ansible/roles/keystone/tasks/config.yml b/ansible/roles/keystone/tasks/config.yml
index 49bfe6bec8c6e64d1d71e41a7c7ddcb056298823..395c97af3c97f8c2d43be6af21027210d9267d86 100644
--- a/ansible/roles/keystone/tasks/config.yml
+++ b/ansible/roles/keystone/tasks/config.yml
@@ -200,6 +200,7 @@
     - { src: "crontab.j2", dest: "crontab" }
     - { src: "fernet-rotate.sh.j2", dest: "fernet-rotate.sh" }
     - { src: "fernet-node-sync.sh.j2", dest: "fernet-node-sync.sh" }
+    - { src: "fernet-push.sh.j2", dest: "fernet-push.sh" }
     - { src: "id_rsa", dest: "id_rsa" }
     - { src: "ssh_config.j2", dest: "ssh_config" }
   when:
diff --git a/ansible/roles/keystone/tasks/init_fernet.yml b/ansible/roles/keystone/tasks/init_fernet.yml
index 09602a6bbfbbe669f70f828d940d193b746a07bd..9fa0769468305726339ae164dea8ff8b53972259 100644
--- a/ansible/roles/keystone/tasks/init_fernet.yml
+++ b/ansible/roles/keystone/tasks/init_fernet.yml
@@ -22,6 +22,6 @@
 
 - name: Run key distribution
   become: true
-  command: docker exec -t keystone_fernet /usr/bin/fernet-rotate.sh
+  command: docker exec -t keystone_fernet /usr/bin/fernet-push.sh
   run_once: True
   delegate_to: "{{ groups['keystone'][0] }}"
diff --git a/ansible/roles/keystone/templates/fernet-push.sh.j2 b/ansible/roles/keystone/templates/fernet-push.sh.j2
new file mode 100644
index 0000000000000000000000000000000000000000..cd77375812fcf861520dfe118a91a08a220c5d7b
--- /dev/null
+++ b/ansible/roles/keystone/templates/fernet-push.sh.j2
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+{% for host in groups['keystone'] %}
+{% if inventory_hostname != host %}
+/usr/bin/rsync -az -e 'ssh -i /var/lib/keystone/.ssh/id_rsa -p {{ hostvars[host]['keystone_ssh_port'] }} -F /var/lib/keystone/.ssh/config' --delete /etc/keystone/fernet-keys/ keystone@{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:/etc/keystone/fernet-keys
+{% endif %}
+{% endfor %}
diff --git a/ansible/roles/keystone/templates/fernet-rotate.sh.j2 b/ansible/roles/keystone/templates/fernet-rotate.sh.j2
index 9f6cf8c955fa6df24e348f839e586e6429298245..3ef7a0e63cb6c22c8b7f8e902bc084ba65dfd22f 100644
--- a/ansible/roles/keystone/templates/fernet-rotate.sh.j2
+++ b/ansible/roles/keystone/templates/fernet-rotate.sh.j2
@@ -2,8 +2,4 @@
 
 keystone-manage --config-file /etc/keystone/keystone.conf fernet_rotate --keystone-user {{ keystone_username }} --keystone-group {{ keystone_groupname }}
 
-{% for host in groups['keystone'] %}
-{% if inventory_hostname != host %}
-/usr/bin/rsync -az -e 'ssh -i /var/lib/keystone/.ssh/id_rsa -p {{ hostvars[host]['keystone_ssh_port'] }} -F /var/lib/keystone/.ssh/config' --delete /etc/keystone/fernet-keys/ keystone@{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:/etc/keystone/fernet-keys
-{% endif %}
-{% endfor %}
+/usr/bin/fernet-push.sh
diff --git a/ansible/roles/keystone/templates/keystone-fernet.json.j2 b/ansible/roles/keystone/templates/keystone-fernet.json.j2
index b0695c25e932b88d787fe7c4eeaaadae7d011bdb..05fa9cda53766cc6c22b537123bfc4a4b6cd6e54 100644
--- a/ansible/roles/keystone/templates/keystone-fernet.json.j2
+++ b/ansible/roles/keystone/templates/keystone-fernet.json.j2
@@ -26,6 +26,12 @@
             "owner": "root",
             "perm": "0755"
         },
+        {
+            "source": "{{ container_config_directory }}/fernet-push.sh",
+            "dest": "/usr/bin/fernet-push.sh",
+            "owner": "root",
+            "perm": "0755"
+        },
         {
             "source": "{{ container_config_directory }}/ssh_config",
             "dest": "/var/lib/keystone/.ssh/config",