diff --git a/playbooks/openshift-apps/bodhi.yml b/playbooks/openshift-apps/bodhi.yml
index 83f4dbe2d4..26725fa6bb 100644
--- a/playbooks/openshift-apps/bodhi.yml
+++ b/playbooks/openshift-apps/bodhi.yml
@@ -14,6 +14,12 @@
     description: bodhi
     appowners:
     - bowlofeggs
+  - role: openshift/keytab
+    app: bodhi
+    secret_name: bodhi-keytab
+    service: bodhi
+    host: "bodhi.stg.fedoraproject.org"
+    when: env == "staging"
   - role: openshift/secret-file
     app: bodhi
     secret_name: bodhi-fedmsg-key
diff --git a/roles/openshift/keytab/tasks/main.yml b/roles/openshift/keytab/tasks/main.yml
new file mode 100644
index 0000000000..bb4197c67f
--- /dev/null
+++ b/roles/openshift/keytab/tasks/main.yml
@@ -0,0 +1,17 @@
+- name: Create temporary file
+  tempfile: state=file
+  register: tmpfile
+  run_once: true
+
+- include_role: keytab/service
+  kt_location: "{{ tmpfile.path }}"
+
+- name: Call `oc secrets new` on the copied file
+  shell: oc -n {{app}} secrets new {{secret_name}} {{key}}={{tmpfile.path}}
+  run_once: true
+  register: create_out
+  failed_when: "create_out.rc != 0 and 'AlreadyExists' not in create_out.stderr"
+
+- name: Delete temporary file
+  file: path={{tmpfile.path}} state=absent
+  run_once: true