diff --git a/components/openstack-secrets.tpl.yaml b/components/openstack-secrets.tpl.yaml
index fbeadb4ce..c7fdc9652 100644
--- a/components/openstack-secrets.tpl.yaml
+++ b/components/openstack-secrets.tpl.yaml
@@ -17,6 +17,12 @@ endpoints:
       ironic:
         password: "${IRONIC_KEYSTONE_PASSWORD}"
 
+  # 'oslo_cache' is the memcache layer
+  oslo_cache:
+    auth:
+      # this is used for encrypting / protecting the memcache tokens
+      memcache_secret_key: "${MEMCACHE_SECRET_KEY}"
+
   # 'oslo_db' is for MariaDB
   oslo_db:
     auth:
diff --git a/scripts/gen-os-secrets.sh b/scripts/gen-os-secrets.sh
index 43cdd720a..d0acbaeaa 100755
--- a/scripts/gen-os-secrets.sh
+++ b/scripts/gen-os-secrets.sh
@@ -28,6 +28,9 @@ SCRIPTS_DIR="$(dirname "$0")"
 echo "This script will attempt to look up the existing values this repo used"
 echo "or will generate new values. The output below will be related to that."
 
+# memcache secret key
+export MEMCACHE_SECRET_KEY=$("${SCRIPTS_DIR}/pwgen.sh" 64)
+
 # keystone admin
 export KEYSTONE_ADMIN_PASSWORD=$(kubectl -n openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d || "${SCRIPTS_DIR}/pwgen.sh")
 # keystone mariadb