diff --git a/data/common.yaml b/data/common.yaml
index 469ccafa1f122943e51dad5aaf69911a87ad1f0f..0a059a5168b1c3b612d3bbcbe7c65c50784f3d68 100644
--- a/data/common.yaml
+++ b/data/common.yaml
@@ -1,5 +1,5 @@
 version: 5
-aes::auth::keytab_production: >
+aes::keytab_production: >
 ENC[PKCS7,MIIBygYJKoZIhvcNAQcDoIIBuzCCAbcCAQAxggEhMIIBHQIBADAFMAACAQEw
 DQYJKoZIhvcNAQEBBQAEggEAfFSsoD6ALGcGIKtmxr/5DxCxmDUSAf2M/7dg
 krxqYfSLDUZ2z4hWCqWotA2urirssyEuf2kKnX2DpVxPN/N8Nzzt6IKwgk2Y
@@ -12,7 +12,7 @@ aes::auth::keytab_production: >
 KnKyBQOSoeXYCwc8Mx0OWxI0yFu4uvFYDAT1KqWFYbuF39/xwcAtdd7brWyR
 SQj5KZjJjZ6I7hGq]
-aes::auth::keytab_devel: >
+aes::keytab_devel: >
 ENC[PKCS7,MIIBygYJKoZIhvcNAQcDoIIBuzCCAbcCAQAxggEhMIIBHQIBADAFMAACAQEw
 DQYJKoZIhvcNAQEBBQAEggEAV6TzhtqZfmrgF+c/ExBVJIuKQqgGGoaA1gRL
 q4JFbg9iDV1PsocvOWk7SCfPL7HnnEwnqSNPHSGXpW6n8x+3jevGeutnCnxY
diff --git a/manifests/auth.pp b/manifests/auth.pp
index de117eb5cbf6889f5a06a042084d09e415c4a0c0..ccd912f79ba92565f8eb0ec63aad6f77f53d0780 100644
--- a/manifests/auth.pp
+++ b/manifests/auth.pp
@@ -1,7 +1,4 @@
-class aes::auth(
- Optional[String] $keytab_production = undef,
- Optional[String] $keytab_devel = undef,
-){
+class aes::auth {
 $auth_user = auth
 $auth_group = "${auth_user}"
@@ -12,9 +9,11 @@ class aes::auth(
 # $environment since the keys are tied to the domain name rather than what
 # environment the machine is configured in.
 if $facts[fqdn] == 'aes.edu.liu.se' {
- $keytab = $keytab_production
+ $auth_keytab_data = lookup("aes::keytab_production", undef, undef, "lookup failed")
 } elsif $facts[fqdn] == 'aes-devel.edu.liu.se' {
- $keytab = $keytab_devel
+ $auth_keytab_data = lookup("aes::keytab_devel", undef, undef, "lookup failed")
+ } else {
+ $auth_keytab_data = "unknown domain"
 }
 # Note: We rely on Boost being installed by the broker. It seems Puppet does not like
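Review bot: Both `lookup()` calls pass the literal "lookup failed" as their default value, and the new `else` branch assigns "unknown domain", so a missing Hiera key or an unexpected FQDN still compiles cleanly and the placeholder text ends up as the keytab content. For a credential it is safer to fail the catalog: `$auth_keytab_data = lookup('aes::keytab_production', String)` (likewise for `aes::keytab_devel`) and `fail("aes::auth: no keytab for ${facts['fqdn']}")` in the `else` branch. With the typed class parameters gone, a short comment above the class naming the two Hiera keys it now reads would keep that dependency visible. The class body continues outside this hunk.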
@@ -93,11 +92,11 @@ class aes::auth(
 }
 file { "${auth_home}/keys/kerberos.keytab" :
- ensure => file,
- owner => root,
- group => "${auth_group}",
- mode => "0640",
- content => "$keytab"
+ ensure => file,
+ owner => root,
+ group => "${auth_group}",
+ mode => "0640",
+ content => "${auth_keytab_data}"
 }
 exec { 'update-auth-repo' :
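Review bot: The decrypted keytab is interpolated into `content` as a plain string, so it is stored unredacted in the compiled catalog and, where `show_diff` is enabled on the agent, a change to kerberos.keytab can be printed as a file diff in logs and reports. Marking the value sensitive avoids both: `content => Sensitive($auth_keytab_data),` plus `show_diff => false,` on this resource. A keytab is binary data, so it is also worth confirming that the value survives the YAML folded scalar and the string interpolation byte for byte; that cannot be checked from this hunk.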