diff --git a/barbican/Chart.yaml b/barbican/Chart.yaml
index b4ef7082bc..82239687b5 100644
--- a/barbican/Chart.yaml
+++ b/barbican/Chart.yaml
@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Barbican
 name: barbican
-version: 0.2.8
+version: 0.2.9
 home: https://docs.openstack.org/barbican/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Barbican/OpenStack_Project_Barbican_vertical.png
 sources:
diff --git a/barbican/values.yaml b/barbican/values.yaml
index 72efd88c51..8d567edab6 100644
--- a/barbican/values.yaml
+++ b/barbican/values.yaml
@@ -323,102 +323,7 @@ conf:
 oslo_config_project: barbican
 filter:http_proxy_to_wsgi:
 paste.filter_factory: oslo_middleware:HTTPProxyToWSGI.factory
- policy:
- admin: role:admin
- observer: role:observer
- creator: role:creator
- audit: role:audit
- service_admin: role:key-manager:service-admin
- admin_or_user_does_not_work: project_id:%(project_id)s
- admin_or_user: rule:admin or project_id:%(project_id)s
- admin_or_creator: rule:admin or rule:creator
- all_but_audit: rule:admin or rule:observer or rule:creator
- all_users: rule:admin or rule:observer or rule:creator or rule:audit or rule:service_admin
- secret_acl_read: "'read':%(target.secret.read)s"
- secret_private_read: "'False':%(target.secret.read_project_access)s"
- container_acl_read: "'read':%(target.container.read)s"
- container_private_read: "'False':%(target.container.read_project_access)s"
- secret_non_private_read: rule:all_users and rule:secret_project_match and not rule:secret_private_read
- secret_decrypt_non_private_read: rule:all_but_audit and rule:secret_project_match
- and not rule:secret_private_read
- container_non_private_read: rule:all_users and rule:container_project_match and not
- rule:container_private_read
- secret_project_admin: rule:admin and rule:secret_project_match
- secret_project_creator: rule:creator and rule:secret_project_match and rule:secret_creator_user
- container_project_admin: rule:admin and rule:container_project_match
- container_project_creator: rule:creator and rule:container_project_match and rule:container_creator_user
- version:get: "@"
- secret:decrypt: rule:secret_decrypt_non_private_read or rule:secret_project_creator
- or rule:secret_project_admin or rule:secret_acl_read
- secret:get: rule:secret_non_private_read or rule:secret_project_creator or rule:secret_project_admin
- or rule:secret_acl_read
- secret:put: rule:admin_or_creator and rule:secret_project_match
- secret:delete: rule:secret_project_admin or rule:secret_project_creator
- secrets:post: rule:admin_or_creator
- secrets:get: rule:all_but_audit
- orders:post: rule:admin_or_creator
- orders:get: rule:all_but_audit
- order:get: rule:all_users
- order:put: rule:admin_or_creator
- order:delete: rule:admin
- consumer:get: rule:admin or rule:observer or rule:creator or rule:audit or rule:container_non_private_read
- or rule:container_project_creator or rule:container_project_admin or rule:container_acl_read
- consumers:get: rule:admin or rule:observer or rule:creator or rule:audit or rule:container_non_private_read
- or rule:container_project_creator or rule:container_project_admin or rule:container_acl_read
- consumers:post: rule:admin or rule:container_non_private_read or rule:container_project_creator
- or rule:container_project_admin or rule:container_acl_read
- consumers:delete: rule:admin or rule:container_non_private_read or rule:container_project_creator
- or rule:container_project_admin or rule:container_acl_read
- containers:post: rule:admin_or_creator
- containers:get: rule:all_but_audit
- container:get: rule:container_non_private_read or rule:container_project_creator or
- rule:container_project_admin or rule:container_acl_read
- container:delete: rule:container_project_admin or rule:container_project_creator
- container_secret:post: rule:admin
- container_secret:delete: rule:admin
- transport_key:get: rule:all_users
- transport_key:delete: rule:admin
- transport_keys:get: rule:all_users
- transport_keys:post: rule:admin
- certificate_authorities:get_limited: rule:all_users
- certificate_authorities:get_all: rule:admin
- certificate_authorities:post: rule:admin
- certificate_authorities:get_preferred_ca: rule:all_users
- certificate_authorities:get_global_preferred_ca: rule:service_admin
- certificate_authorities:unset_global_preferred: rule:service_admin
- certificate_authority:delete: rule:admin
- certificate_authority:get: rule:all_users
- certificate_authority:get_cacert: rule:all_users
- certificate_authority:get_ca_cert_chain: rule:all_users
- certificate_authority:get_projects: rule:service_admin
- certificate_authority:add_to_project: rule:admin
- certificate_authority:remove_from_project: rule:admin
- certificate_authority:set_preferred: rule:admin
- certificate_authority:set_global_preferred: rule:service_admin
- secret_acls:put_patch: rule:secret_project_admin or rule:secret_project_creator
- secret_acls:delete: rule:secret_project_admin or rule:secret_project_creator
- secret_acls:get: rule:all_but_audit and rule:secret_project_match
- container_acls:put_patch: rule:container_project_admin or rule:container_project_creator
- container_acls:delete: rule:container_project_admin or rule:container_project_creator
- container_acls:get: rule:all_but_audit and rule:container_project_match
- quotas:get: rule:all_users
- project_quotas:get: rule:service_admin
- project_quotas:put: rule:service_admin
- project_quotas:delete: rule:service_admin
- secret_meta:get: rule:all_but_audit
- secret_meta:post: rule:admin_or_creator
- secret_meta:put: rule:admin_or_creator
- secret_meta:delete: rule:admin_or_creator
- secretstores:get: rule:admin
- secretstores:get_global_default: rule:admin
- secretstores:get_preferred: rule:admin
- secretstore_preferred:post: rule:admin
- secretstore_preferred:delete: rule:admin
- secretstore:get: rule:admin
- secret_project_match: project_id:%(target.secret.project_id)s
- secret_creator_user: user_id:%(target.secret.creator_id)s
- container_project_match: project_id:%(target.container.project_id)s
- container_creator_user: user_id:%(target.container.creator_id)s
+ policy: {}
 audit_map:
 DEFAULT:
 # default target endpoint type
diff --git a/releasenotes/notes/barbican.yaml b/releasenotes/notes/barbican.yaml
index c7d1df6e95..57744f92b1 100644
--- a/releasenotes/notes/barbican.yaml
+++ b/releasenotes/notes/barbican.yaml
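Review bot: The new `policy: {}` line in barbican/values.yaml carries no comment saying the empty map is deliberate, so the values file no longer tells a reader where the access rules for secrets, containers, ACLs and quotas come from. I would add above it `# Intentionally empty: Barbican's in-code policy defaults apply; keys set here override individual rules.` The effective rules now follow whichever Barbican release is in the image and may differ from the 96 removed lines, and an overlay that sets only a few `conf.policy` keys is no longer merged with the chart's full rule set; the 0.2.9 release note could state this as an upgrade impact. Comparing the output of `oslopolicy-policy-generator` for the deployed image with the old defaults before upgrading would catch an unintended widening of `secret:get` or `secret:decrypt`. How the chart renders an empty `conf.policy` is outside this hunk, so it is worth confirming the template still produces a valid policy file.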
@@ -12,4 +12,5 @@ barbican:
 - 0.2.6 Allow Barbican to talk to Mariadb over TLS
 - 0.2.7 Fix db connection key name
 - 0.2.8 Update htk requirements repo
+ - 0.2.9 Removed default policy in favor in code policy
 ...