diff --git a/keystone/Chart.yaml b/keystone/Chart.yaml
index ef01a8e14c..e0f8f42e6b 100644
--- a/keystone/Chart.yaml
+++ b/keystone/Chart.yaml
@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Keystone
 name: keystone
-version: 0.1.1
+version: 0.1.2
 home: https://docs.openstack.org/keystone/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png
 sources:
diff --git a/keystone/templates/configmap-etc.yaml b/keystone/templates/configmap-etc.yaml
index f97c31ced9..98f9a7ef96 100644
--- a/keystone/templates/configmap-etc.yaml
+++ b/keystone/templates/configmap-etc.yaml
@@ -56,6 +56,7 @@ data:
   logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.logging | b64enc }}
   keystone-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
   policy.json: {{  toJson .Values.conf.policy | b64enc }}
+  access_rules.json: {{ toJson .Values.conf.access_rules | b64enc }}
   ports.conf: ''
 {{- range $k, $v := .Values.conf.ks_domains }}
   keystone.{{ $k }}.json: {{ toJson $v | b64enc }}
diff --git a/keystone/templates/deployment-api.yaml b/keystone/templates/deployment-api.yaml
index a6295aedae..a3a143dfd1 100644
--- a/keystone/templates/deployment-api.yaml
+++ b/keystone/templates/deployment-api.yaml
@@ -113,6 +113,10 @@ spec:
               mountPath: /etc/keystone/policy.json
               subPath: policy.json
               readOnly: true
+            - name: keystone-etc
+              mountPath: /etc/keystone/access_rules.json
+              subpath: access_rules.json
+              readOnly: true
             - name: keystone-etc
               mountPath: /etc/keystone/sso_callback_template.html
               subPath: sso_callback_template.html
diff --git a/keystone/values.yaml b/keystone/values.yaml
index 6cda58808d..66ca5fcd86 100644
--- a/keystone/values.yaml
+++ b/keystone/values.yaml
@@ -777,6 +777,7 @@ conf:
     identity:update_domain_config: rule:admin_required
     identity:delete_domain_config: rule:admin_required
     identity:get_domain_config_default: rule:admin_required
+  access_rules: {}
   rabbitmq:
     # NOTE(rk760n): adding rmq policy to mirror messages from notification queues and set expiration time for the ones
     policies: