diff --git a/roles/kubernetes-apps/csi_driver/cinder/defaults/main.yml b/roles/kubernetes-apps/csi_driver/cinder/defaults/main.yml
index 5444f33c5e294ba2538b156309795544371d6bf1..e52187da235d13086d0cb6b7fa1f10b25559fd0b 100644
--- a/roles/kubernetes-apps/csi_driver/cinder/defaults/main.yml
+++ b/roles/kubernetes-apps/csi_driver/cinder/defaults/main.yml
@@ -5,6 +5,9 @@
 cinder_auth_url: "{{ lookup('env','OS_AUTH_URL') }}"
 cinder_username: "{{ lookup('env','OS_USERNAME') }}"
 cinder_password: "{{ lookup('env','OS_PASSWORD') }}"
+cinder_application_credential_id: "{{ lookup('env','OS_APPLICATION_CREDENTIAL_ID')  }}"
+cinder_application_credential_name: "{{ lookup('env','OS_APPLICATION_CREDENTIAL_NAME')  }}"
+cinder_application_credential_secret: "{{ lookup('env','OS_APPLICATION_CREDENTIAL_SECRET')  }}"
 cinder_region: "{{ lookup('env','OS_REGION_NAME') }}"
 cinder_tenant_id: "{{ lookup('env','OS_TENANT_ID')| default(lookup('env','OS_PROJECT_ID'),true) }}"
 cinder_tenant_name: "{{ lookup('env','OS_TENANT_NAME')| default(lookup('env','OS_PROJECT_NAME'),true) }}"
diff --git a/roles/kubernetes-apps/csi_driver/cinder/tasks/cinder-credential-check.yml b/roles/kubernetes-apps/csi_driver/cinder/tasks/cinder-credential-check.yml
index 2514494909d15c8db4f60585064f83fc08dac35b..cb65f42b0df2a3cc565c3bf099ed63102554079e 100644
--- a/roles/kubernetes-apps/csi_driver/cinder/tasks/cinder-credential-check.yml
+++ b/roles/kubernetes-apps/csi_driver/cinder/tasks/cinder-credential-check.yml
@@ -4,15 +4,38 @@
     msg: "cinder_auth_url is missing"
   when: cinder_auth_url is not defined or not cinder_auth_url
 
-- name: Cinder CSI Driver | check cinder_username value
+- name: Cinder CSI Driver | check cinder_username value cinder_application_credential_name value
   fail:
-    msg: "cinder_username is missing"
-  when: cinder_username is not defined or not cinder_username
+    msg: "you must either set cinder_username or cinder_application_credential_name"
+  when:
+    - cinder_username is not defined or not cinder_username
+    - cinder_application_credential_name is not defined or not cinder_application_credential_name
+
+- name: Cinder CSI Driver | check cinder_application_credential_id value
+  fail:
+    msg: "cinder_application_credential_id is missing"
+  when:
+    - cinder_application_credential_name is defined
+    - cinder_application_credential_name|length > 0
+    - cinder_application_credential_id is not defined or not cinder_application_credential_id
+
+- name: Cinder CSI Driver | check cinder_application_credential_secret value
+  fail:
+    msg: "cinder_application_credential_secret is missing"
+  when:
+    - cinder_application_credential_name is defined
+    - cinder_application_credential_name|length > 0
+    - cinder_application_credential_secret is not defined or not cinder_application_credential_secret
 
 - name: Cinder CSI Driver | check cinder_password value
   fail:
     msg: "cinder_password is missing"
-  when: cinder_password is not defined or not cinder_password
+  when:
+    - cinder_username is defined
+    - cinder_username|length > 0
+    - cinder_application_credential_name is not defined or not cinder_application_credential_name
+    - cinder_application_credential_secret is not defined or not cinder_application_credential_secret
+    - cinder_password is not defined or not cinder_password
 
 - name: Cinder CSI Driver | check cinder_region value
   fail:
@@ -24,11 +47,13 @@
     msg: "one of cinder_tenant_id or cinder_tenant_name must be specified"
   when:
     - cinder_tenant_id is not defined or not cinder_tenant_id
-    - cinder_tenant_name is not defined
+    - cinder_tenant_name is not defined or not cinder_tenant_name
+    - cinder_application_credential_name is not defined or not cinder_application_credential_name
 
-- name: Cinder CSI Driver | check cinder_tenant_name value
+- name: Cinder CSI Driver | check cinder_domain_id value
   fail:
-    msg: "one of cinder_tenant_id or cinder_tenant_name must be specified"
+    msg: "one of cinder_domain_id or cinder_domain_name must be specified"
   when:
-    - cinder_tenant_name is not defined or not cinder_tenant_name
-    - cinder_tenant_id is not defined
+    - cinder_domain_id is not defined or not cinder_domain_id
+    - cinder_domain_name is not defined or not cinder_domain_name
+    - cinder_application_credential_name is not defined or not cinder_application_credential_name
diff --git a/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-cloud-config.j2 b/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-cloud-config.j2
index 025a5144ad66e81fe80ba8c45fc0c30f31c8ae65..e992fe173337d93f5a0902907d562b1e73960ee3 100644
--- a/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-cloud-config.j2
+++ b/roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-cloud-config.j2
@@ -1,7 +1,18 @@
 [Global]
 auth-url="{{ cinder_auth_url }}"
+{% if cinder_application_credential_id is not defined and cinder_application_credential_name is not defined %}
 username="{{ cinder_username }}"
 password="{{ cinder_password }}"
+{% endif %}
+{% if cinder_application_credential_id is defined and cinder_application_credential_id != "" %}
+application-credential-id={{ cinder_application_credential_id }}
+{% endif %}
+{% if cinder_application_credential_name is defined and cinder_application_credential_name != "" %}
+application-credential-name={{ cinder_application_credential_name }}
+{% endif %}
+{% if cinder_application_credential_secret is defined and cinder_application_credential_secret != "" %}
+application-credential-secret={{ cinder_application_credential_secret }}
+{% endif %}
 region="{{ cinder_region }}"
 {% if cinder_tenant_id is defined and cinder_tenant_id != "" %}
 tenant-id="{{ cinder_tenant_id }}"
diff --git a/roles/kubernetes-apps/external_cloud_controller/openstack/defaults/main.yml b/roles/kubernetes-apps/external_cloud_controller/openstack/defaults/main.yml
index 2533385e69f7b0c9f4f57f0f5cc184a2e9524c47..70f20adb992c197be34586efe1ab18710849760b 100644
--- a/roles/kubernetes-apps/external_cloud_controller/openstack/defaults/main.yml
+++ b/roles/kubernetes-apps/external_cloud_controller/openstack/defaults/main.yml
@@ -5,6 +5,9 @@
 external_openstack_auth_url: "{{ lookup('env','OS_AUTH_URL')  }}"
 external_openstack_username: "{{ lookup('env','OS_USERNAME')  }}"
 external_openstack_password: "{{ lookup('env','OS_PASSWORD')  }}"
+external_openstack_application_credential_id: "{{ lookup('env','OS_APPLICATION_CREDENTIAL_ID')  }}"
+external_openstack_application_credential_name: "{{ lookup('env','OS_APPLICATION_CREDENTIAL_NAME')  }}"
+external_openstack_application_credential_secret: "{{ lookup('env','OS_APPLICATION_CREDENTIAL_SECRET')  }}"
 external_openstack_region: "{{ lookup('env','OS_REGION_NAME')  }}"
 external_openstack_tenant_id: "{{ lookup('env','OS_TENANT_ID')| default(lookup('env','OS_PROJECT_ID'),true) }}"
 external_openstack_tenant_name: "{{ lookup('env','OS_TENANT_NAME')| default(lookup('env','OS_PROJECT_NAME'),true) }}"