diff --git a/docker/keystone/Dockerfile b/docker/keystone/Dockerfile
new file mode 100644
index 0000000000..5eb45d8144
--- /dev/null
+++ b/docker/keystone/Dockerfile
@@ -0,0 +1,23 @@
+FROM rhel7
+MAINTAINER jlabocki@redhat.com
+
+# This Dockerfile installs the components of Keystone in a docker image as a proof of concept
+RUN date > /root/date
+
+#Install required packages
+RUN yum install -y wget procps-ng net-tools && yum clean all
+RUN yum install -y openstack-keystone openstack-utils openstack-selinux mariadb-galera-server socat && yum clean all
+
+#Service token stuff
+RUN export SERVICE_TOKEN=$(/usr/bin/openssl rand -hex 10) && /usr/bin/echo $SERVICE_TOKEN > /root/ks_admin_token && openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $SERVICE_TOKEN && echo "export SERVICE_TOKEN=`cat /root/ks_admin_token`" > /root/ks_admin && echo "export SERVICE_ENDPOINT=\"http://127.0.0.1:35357/v2.0\"" >> /root/ks_admin
+
+#Eventually use rabbitmq-server (externally, but who knows, this might work too some day)
+#RUN yum install -y rabbitmq-server
+#RUN yum install -y mariadb-galera-server
+
+#Eventually use optimizied systemd for containers and use this to enable the service and start it
+#RUN yum install systemd-container
+
+ADD ./start /usr/bin/run
+
+CMD ["/usr/bin/run"]
diff --git a/docker/keystone/keystone.json b/docker/keystone/keystone.json
new file mode 100644
index 0000000000..4375e333e3
--- /dev/null
+++ b/docker/keystone/keystone.json
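Review bot: The `#Service token stuff` RUN step in docker/keystone/Dockerfile generates the Keystone admin_token at build time, so the value is stored in an image layer (`/root/ks_admin_token`, `/root/ks_admin` and keystone.conf) and every container started from this image shares it; anyone able to pull the image can read it. Generating the token when the container starts avoids this: remove the RUN here and, in `start`, use `SERVICE_TOKEN=$(openssl rand -hex 32)` followed by `openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token "$SERVICE_TOKEN"` in place of the `cat /root/ks_admin_token` read. Separately, `FROM rhel7` carries no tag or digest, so rebuilds are not reproducible, and `ADD ./start /usr/bin/run` can be `COPY ./start /usr/bin/run` because nothing is extracted or fetched.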
@@ -0,0 +1,33 @@
+{
+ "id": "keystone",
+ "desiredState": {
+ "manifest": {
+ "version": "v1beta1",
+ "id": "keystone-1",
+ "containers": [{
+ "name": "keystone",
+ "image": "docker.usersys.redhat.com/jlabocki/keystone",
+ "ports": [{
+ "containerPort": 80,
+ "hostPort": 80
+ }],
+ "env": [{
+ 'name': 'DB_ROOT_PASSWORD',
+ 'value': 'password'
+ }]
+ },
+ {
+ "name": "mariadb",
+ "image": "docker.usersys.redhat.com/lhh1/rhel-osp-mariadb",
+ "env": [{
+ 'name': 'DB_ROOT_PASSWORD',
+ 'value': 'password'
+ }]
+ }]
+ }
+ },
+ "labels": {
+ "name": "keystone"
+ }
+}
+
diff --git a/docker/keystone/start b/docker/keystone/start
new file mode 100755
index 0000000000..bff03803cb
--- /dev/null
+++ b/docker/keystone/start
@@ -0,0 +1,32 @@
+#!/bin/bash -e
+
+env > /root/ENV
+
+socat UNIX-LISTEN:/var/lib/mysql/mysql.sock,fork,reuseaddr,unlink-early,user=mysql,group=mysql,mode=777 TCP:127.0.0.1:3306 &
+
+/usr/bin/openstack-db --service keystone --init --yes --rootpw ${DB_ROOT_PASSWORD} --password redhat
+
+
+sed -ri 's/#driver=keystone.identity.backends.sql.Identity/driver=keystone.identity.backends.sql.Identity/' /etc/keystone/keystone.conf
+sed -ri 's/#idle_timeout=3600/idle_timeout=200/' /etc/keystone/keystone.conf
+
+/usr/bin/keystone-manage db_sync
+
+/usr/bin/keystone-all &
+PID=$!
+
+/bin/sleep 5
+
+export SERVICE_TOKEN=`cat /root/ks_admin_token`
+export SERVICE_ENDPOINT="http://127.0.0.1:35357/v2.0"
+
+/bin/keystone user-create --name admin --pass redhat
+/bin/keystone role-create --name admin
+/bin/keystone tenant-create --name admin
+/bin/keystone user-role-add --user admin --role admin --tenant admin
+
+kill -TERM $PID
+
+
+echo "Exec-ing keystone-all.."
+exec /usr/bin/keystone-all
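Review bot: Both `env` entries in docker/keystone/keystone.json write their keys and values with single quotes (`'name': 'DB_ROOT_PASSWORD'`), which is not valid JSON, so a strict parser will reject the manifest; they should read `"name": "DB_ROOT_PASSWORD"` like the rest of the file. The same entries commit the database root password as the literal `password` for both containers; supplying the value at deploy time keeps the credential out of the repository. The keystone container also maps port 80, while the start script in this commit addresses Keystone on 35357, so the port mapping may not match the service and is worth confirming.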
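Review bot: The bootstrap in docker/keystone/start creates the `admin` user with the fixed password `redhat` (`keystone user-create --name admin --pass redhat`) and gives the Keystone database account the same literal through `--password redhat`, so every deployment of this image starts with known credentials. Both values should come from the environment the way DB_ROOT_PASSWORD already does, for example `--pass "${KEYSTONE_ADMIN_PASSWORD:?}"` (the variable name is only a suggestion), and `${DB_ROOT_PASSWORD}` should be quoted where it is passed to `--rootpw`. `env > /root/ENV` also writes that root password to a file inside the container and can be dropped. The socat socket is created with `mode=777`, which is wider than the `user=mysql,group=mysql` ownership on the same line suggests is needed.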