diff --git a/playbooks/openshift-apps/ipsilon.yml b/playbooks/openshift-apps/ipsilon.yml
index d2cf103af8..1aa420724e 100644
--- a/playbooks/openshift-apps/ipsilon.yml
+++ b/playbooks/openshift-apps/ipsilon.yml
@@ -28,7 +28,7 @@
 - role: openshift/keytab
 app: ipsilon
- key: ipsilon-keytab
+ key: service.keytab
 secret_name: ipsilon-keytab
 service: HTTP
 host: "id{{ env_suffix }}.fedoraproject.org"
diff --git a/roles/ipsilon/templates/configmap.yml b/roles/ipsilon/templates/configmap.yml
index edc99b2089..33684374d7 100644
--- a/roles/ipsilon/templates/configmap.yml
+++ b/roles/ipsilon/templates/configmap.yml
@@ -21,8 +21,8 @@ data:
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
- default_keytab_name = FILE:/etc/keytabs/ipsilon-keytab
- default_client_keytab_name = FILE:/etc/keytabs/ipsilon-keytab
+ default_keytab_name = FILE:/etc/keytabs/service.keytab
+ default_client_keytab_name = FILE:/etc/keytabs/service.keytab
 [realms]
 {{ ipa_realm }} = {
 kdc = https://id{{ env_suffix }}.fedoraproject.org/KdcProxy
diff --git a/roles/ipsilon/templates/ipsilon-httpd.conf.j2 b/roles/ipsilon/templates/ipsilon-httpd.conf.j2
index eddb47f3d8..bc5c465870 100644
--- a/roles/ipsilon/templates/ipsilon-httpd.conf.j2
+++ b/roles/ipsilon/templates/ipsilon-httpd.conf.j2
@@ -31,7 +31,7 @@ WSGIRestrictSignal Off
 AuthName "GSSAPI Single Sign On Login"
- GssapiCredStore keytab:/etc/keytabs/ipsilon-keytab
+ GssapiCredStore keytab:/etc/keytabs/service.keytab
 AuthType GSSAPI
 # This is off because Apache (and thus mod_auth_gssapi) doesn't know this is proxied over TLS
 GssapiSSLonly Off
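Review bot: Nothing records that `key: service.keytab` in the openshift/keytab role call has to match the file name used by `default_keytab_name`/`default_client_keytab_name` in roles/ipsilon/templates/configmap.yml and by `GssapiCredStore` in roles/ipsilon/templates/ipsilon-httpd.conf.j2. A mismatch would presumably show up only at runtime as failing GSSAPI logins, so a comment above the key would help, e.g. `# must match the keytab file name in roles/ipsilon/templates/configmap.yml and ipsilon-httpd.conf.j2`. The secret keeps the name `ipsilon-keytab`, so if the role does not rewrite an existing secret, the old key name may still be what ends up under /etc/keytabs; it is worth confirming the secret is regenerated before the new config rolls out. The surrounding roles list starts outside the hunk.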
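Review bot: Both `default_keytab_name` and `default_client_keytab_name` point at `/etc/keytabs/service.keytab`, so the key that accepts GSSAPI logins is also what the Kerberos library would use to obtain initiator credentials for processes in the pod, and nothing in the template says whether that is intended. If it is, a comment line above the two settings would record it, e.g. `# service keytab doubles as the client keytab on purpose`. If the application never needs to initiate as the service principal, dropping `default_client_keytab_name` would narrow what the key can be used for; I can't tell from this hunk which applies. The krb5.conf block starts and ends outside the hunk.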