diff --git a/ansible/roles/keystone/templates/keystone.json.j2 b/ansible/roles/keystone/templates/keystone.json.j2
index 5d0486ede0..4269d7e0fa 100644
--- a/ansible/roles/keystone/templates/keystone.json.j2
+++ b/ansible/roles/keystone/templates/keystone.json.j2
@@ -20,7 +20,7 @@
             "source": "{{ container_config_directory }}/domains",
             "dest": "/etc/keystone/domains",
             "owner": "keystone",
-            "perm": "0700",
+            "perm": "0600",
             "optional": true
         }{% if keystone_policy_file is defined %},
         {
@@ -49,6 +49,11 @@
             "path": "/etc/keystone/fernet-keys",
             "owner": "keystone:keystone",
             "perm": "0770"
+        },
+        {
+            "path": "/etc/keystone/domains",
+            "owner": "keystone:keystone",
+            "perm": "0700"
         }
     ]
 }