diff --git a/library/blivet.py b/library/blivet.py
index 6fd13457..bf9731f7 100644
--- a/library/blivet.py
+++ b/library/blivet.py
@@ -72,6 +72,9 @@
 mounts:
 description: list of dicts describing mounts to set up
 type: list of dict
+crypts:
+ description: list of dicts describing crypttab entries to set up
+ type: list of dict
 pools:
 description: list of dicts describing the pools w/ device path for each volume
 type: list of dict
@@ -785,6 +788,20 @@ def handle_new_mount(volume, fstab):
 return mount_info
+def get_crypt_info(actions):
+ info = list()
+ for action in actions:
+ if not (action.is_format and action.format.type == 'luks'):
+ continue
+
+ info.append(dict(backing_device=action.device.path,
+ name=action.format.map_name,
+ password=action.format.key_file or '-',
+ state='present' if action.is_create else 'absent'))
+
+ return sorted(info, key=lambda e: e['state'])
+
+
 def get_required_packages(b, pools, volumes):
 packages = list()
 for pool in pools:
@@ -861,6 +878,7 @@ def run_module():
 actions=list(),
 leaves=list(),
 mounts=list(),
+ crypts=list(),
 pools=list(),
 volumes=list(),
 packages=list(),
@@ -956,6 +974,7 @@ def action_dict(action):
 activate_swaps(b, module.params['pools'], module.params['volumes'])
 result['mounts'] = get_mount_info(module.params['pools'], module.params['volumes'], actions, fstab)
+ result['crypts'] = get_crypt_info(actions)
 result['leaves'] = [d.path for d in b.devicetree.leaves]
 result['pools'] = module.params['pools']
 result['volumes'] = module.params['volumes']
diff --git a/tasks/main-blivet.yml b/tasks/main-blivet.yml
index 48e6aecb..0dc27ccd 100644
--- a/tasks/main-blivet.yml
+++ b/tasks/main-blivet.yml
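Review bot: In get_crypt_info, `state='present' if action.is_create else 'absent'` classifies every non-create LUKS format action as a removal, so if blivet schedules a format action that is neither create nor destroy (a format resize, for instance) the function would emit `state='absent'` and the role would delete a crypttab entry for a volume that still exists. Restrict the filter to the two cases the function actually models, `if not (action.is_format and action.format.type == 'luks' and (action.is_create or action.is_destroy)):`, and keep deriving state from `is_create`. The sort key also deserves a comment, since it silently relies on 'absent' ordering before 'present': `# 'absent' sorts before 'present' so stale entries are removed before new ones are added`. At the `password=` line a short note would help the reader of the module result: `# crypttab's third field: key-file path, or '-' to prompt at boot; never a passphrase`.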
@@ -165,6 +165,19 @@
 daemon_reload: yes
 when: blivet_output['mounts']
+#
+# Manage /etc/crypttab
+#
+- name: Manage /etc/crypttab to account for changes we just made
+ crypttab:
+ name: "{{ entry.name }}"
+ backing_device: "{{ entry.backing_device }}"
+ password: "{{ entry.password }}"
+ state: "{{ entry.state }}"
+ loop: "{{ blivet_output.crypts }}"
+ loop_control:
+ loop_var: entry
+
 #
 # Update facts since we may have changed system state.
 #
diff --git a/tests/test-verify-volume-encryption.yml b/tests/test-verify-volume-encryption.yml
index 5418ab57..60191638 100644
--- a/tests/test-verify-volume-encryption.yml
+++ b/tests/test-verify-volume-encryption.yml
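Review bot: The new task feeds `password: "{{ entry.password }}"` into a module parameter that the crypttab module also accepts as a literal passphrase, and every loop item is echoed in the play output; today the module only ever supplies a key-file path or '-', but nothing in this file records that contract. A comment above the task, `# entry.password is a key-file path or '-', never a passphrase (see get_crypt_info)`, makes the assumption visible, and `no_log: true` on the task would be cheap insurance should that ever change. The fstab handling just above is guarded with `when: blivet_output['mounts']` while this task relies on an empty loop being a no-op, which works but is worth a one-line comment for consistency.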
@@ -33,3 +33,35 @@
 that: "{{ storage_test_blkinfo.info[storage_test_volume._device].type == 'crypt' }}"
 when: _storage_test_volume_present and storage_test_volume.encryption
+- set_fact:
+ _storage_test_expected_crypttab_entries: "{{ (storage_test_volume.encryption and _storage_test_volume_present)|ternary(1, 0) }}"
+ _storage_test_crypttab_entries: "{{ storage_test_crypttab.stdout_lines|map('regex_search', '^' + storage_test_volume._device|basename + ' .*$')|select('string')|list }}"
+ _storage_test_expected_crypttab_key_file: "{{ storage_test_volume.encryption_key_file or '-' }}"
+
+- name: Check for /etc/crypttab entry
+ assert:
+ that: "{{ _storage_test_crypttab_entries|length == _storage_test_expected_crypttab_entries|int }}"
+ msg: "Incorrect number of crypttab entries found for volume {{ storage_test_volume.name }}"
+
+- name: Validate the format of the crypttab entry
+ assert:
+ that: "{{ _storage_test_crypttab_entries[0].split()|length >= 3 }}"
+ msg: "Incorrectly formatted crypttab line for volume {{ storage_test_volume.name }}"
+ when: _storage_test_expected_crypttab_entries|int == 1
+
+- name: Check backing device of crypttab entry
+ assert:
+ that: "{{ _storage_test_crypttab_entries[0].split()[1] == storage_test_volume._raw_device }}"
+ msg: "Incorrect backing device in crypttab entry for volume {{ storage_test_volume.name }}"
+ when: _storage_test_expected_crypttab_entries|int == 1
+
+- name: Check key file of crypttab entry
+ assert:
+ that: "{{ _storage_test_crypttab_entries[0].split()[2] == _storage_test_expected_crypttab_key_file }}"
+ msg: "Incorrect key file in crypttab entry for volume {{ storage_test_volume.name }}"
+ when: _storage_test_expected_crypttab_entries|int == 1
+
+- set_fact:
+ _storage_test_expected_crypttab_entries: null
+ _storage_test_crypttab_entries: null
+ _storage_test_expected_crypttab_key_file: null
diff --git a/tests/verify-role-results.yml b/tests/verify-role-results.yml
index ed85687d..06f96f4a 100644
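Review bot: The filter `'^' + storage_test_volume._device|basename + ' .*$'` requires a single literal space after the map name, while the later checks tokenise the same line with `split()`, which accepts any whitespace; a tab-separated entry, which crypttab(5) permits, would be dropped from `_storage_test_crypttab_entries` and surface as a misleading "Incorrect number of crypttab entries" failure. Using `'\\s.*$'` in place of `' .*$'` keeps the filter consistent with the tokeniser. The three asserts repeat `when: _storage_test_expected_crypttab_entries|int == 1`; wrapping them in a single `block:` with one `when:` would read more cleanly.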
--- a/tests/verify-role-results.yml
+++ b/tests/verify-role-results.yml
@@ -21,6 +21,11 @@
 register: storage_test_fstab
 changed_when: false
+- name: Read the /etc/crypttab file
+ command: cat /etc/crypttab
+ register: storage_test_crypttab
+ changed_when: false
+
 #
 # Verify pools and the volumes they contain.
 #
@@ -51,5 +56,6 @@
 - name: Clean up variable namespace
 set_fact:
 storage_test_fstab: null
+ storage_test_crypttab: null
 storage_test_blkinfo: null
 storage_test_volume: null
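Review bot: `command: cat /etc/crypttab` fails when the file is absent, and unlike /etc/fstab it may well not exist on a host where no encrypted volume has ever been configured, so the whole verification aborts instead of observing zero entries. Adding `failed_when: false` beside the existing `changed_when: false` lets `storage_test_crypttab.stdout_lines` come back empty in that case; checking with `stat` first and skipping the read is the stricter alternative. The cleanup hunk below it is fine as is.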