diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index ff9fae3df5..1417d08975 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -38,6 +38,7 @@ kolla_external_fqdn: "{{ kolla_internal_fqdn if kolla_external_vip_address == ko
 
 kolla_enable_sanity_checks: "no"
 
+kolla_enable_sanity_barbican: "{{ kolla_enable_sanity_checks }}"
 kolla_enable_sanity_keystone: "{{ kolla_enable_sanity_checks }}"
 kolla_enable_sanity_glance: "{{ kolla_enable_sanity_checks }}"
 kolla_enable_sanity_cinder: "{{ kolla_enable_sanity_checks }}"
diff --git a/ansible/roles/barbican/tasks/check.yml b/ansible/roles/barbican/tasks/check.yml
index ed97d539c0..ede5e1be0c 100644
--- a/ansible/roles/barbican/tasks/check.yml
+++ b/ansible/roles/barbican/tasks/check.yml
@@ -1 +1,33 @@
 ---
+- name: Barbican sanity - storing a secret
+  shell: docker exec -t barbican_api openstack \
+      --os-auth-url={{ openstack_auth.auth_url }} \
+      --os-password={{ openstack_auth.password }} \
+      --os-username={{ openstack_auth.username }} \
+      --os-project-name={{ openstack_auth.project_name }} \
+      secret store -f value -p kolla | head -1
+  register: barbican_store_secret
+  run_once: True
+  when: kolla_enable_sanity_barbican | bool
+
+- name: Barbican sanity - fetch secret
+  shell: docker exec -t barbican_api openstack \
+      --os-auth-url={{ openstack_auth.auth_url }} \
+      --os-password={{ openstack_auth.password }} \
+      --os-username={{ openstack_auth.username }} \
+      --os-project-name={{ openstack_auth.project_name }} \
+      secret get -f value -p {{ barbican_store_secret.stdout }}
+  register: barbican_get_secret
+  failed_when: "{{ barbican_get_secret.stdout != 'kolla' }}"
+  run_once: True
+  when: kolla_enable_sanity_barbican | bool
+
+- name: Barbican sanity - cleaning up
+  shell: docker exec -t barbican_api openstack \
+      --os-auth-url={{ openstack_auth.auth_url }} \
+      --os-password={{ openstack_auth.password }} \
+      --os-username={{ openstack_auth.username }} \
+      --os-project-name={{ openstack_auth.project_name }} \
+      secret delete {{ barbican_store_secret.stdout }}
+  run_once: True
+  when: kolla_enable_sanity_barbican | bool