diff --git a/data/common.yaml b/data/common.yaml
index cdef6200aff75a057b893ba2620c4ca80c75fe04..a1f3a0c64942050ae90acfd05ac9785df12976b7 100644
--- a/data/common.yaml
+++ b/data/common.yaml
@@ -1,6 +1,6 @@
 ---
 version: 5
-aes::keytab_production: >
+aes::auth::keytab_production: >
 ENC[PKCS7,MIIBygYJKoZIhvcNAQcDoIIBuzCCAbcCAQAxggEhMIIBHQIBADAFMAACAQEw
 DQYJKoZIhvcNAQEBBQAEggEAfFSsoD6ALGcGIKtmxr/5DxCxmDUSAf2M/7dg
 krxqYfSLDUZ2z4hWCqWotA2urirssyEuf2kKnX2DpVxPN/N8Nzzt6IKwgk2Y
@@ -13,7 +13,7 @@ aes::keytab_production: >
 KnKyBQOSoeXYCwc8Mx0OWxI0yFu4uvFYDAT1KqWFYbuF39/xwcAtdd7brWyR
 SQj5KZjJjZ6I7hGq]
-aes::keytab_devel: >
+aes::auth::keytab_devel: >
 ENC[PKCS7,MIIBygYJKoZIhvcNAQcDoIIBuzCCAbcCAQAxggEhMIIBHQIBADAFMAACAQEw
 DQYJKoZIhvcNAQEBBQAEggEAV6TzhtqZfmrgF+c/ExBVJIuKQqgGGoaA1gRL
 q4JFbg9iDV1PsocvOWk7SCfPL7HnnEwnqSNPHSGXpW6n8x+3jevGeutnCnxY
diff --git a/manifests/auth.pp b/manifests/auth.pp
index ccd912f79ba92565f8eb0ec63aad6f77f53d0780..31558d162fd9800511f4d76c5a4897c8f6609946 100644
--- a/manifests/auth.pp
+++ b/manifests/auth.pp
@@ -1,4 +1,7 @@
-class aes::auth {
+class aes::auth(
+ Optional[String] $keytab_production = undef,
+ Optional[String] $keytab_devel = undef
+){
 $auth_user = auth
 $auth_group = "${auth_user}"
@@ -9,11 +12,11 @@ class aes::auth {
 # $environment since the keys are tied to the domain name rather than what
 # environment the machine is configured in.
 if $facts[fqdn] == 'aes.edu.liu.se' {
- $auth_keytab_data = lookup("aes::keytab_production", undef, undef, "lookup failed")
+ $auth_keytab_data = $keytab_production
 } elsif $facts[fqdn] == 'aes-devel.edu.liu.se' {
- $auth_keytab_data = lookup("aes::keytab_devel", undef, undef, "lookup failed")
+ $auth_keytab_data = $keytab_devel
 } else {
- $auth_keytab_data = "unknown domain"
+ $auth_keytab_data = undef
 }
 # Note: We rely on Boost being installed by the broker. It seems Puppet does not like 
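Review bot: In manifests/auth.pp (hunk `@@ -1,4 +1,7 @@`) the two new class parameters carry Kerberos keytab material but are typed `Optional[String]`, so Puppet handles the decrypted value as an ordinary string in reports, logs and catalog output. Typing them `Optional[Sensitive[String]] $keytab_production = undef` (and the same for `$keytab_devel`), with a `lookup_options` entry using `convert_to: 'Sensitive'` for both keys in data/common.yaml, keeps the value redacted. The file resource in the `@@ -91,12 +94,14 @@` hunk would then need `content => $auth_keytab_data` instead of the interpolated `"${auth_keytab_data}"`, because interpolating a Sensitive value produces the redaction placeholder rather than the data. The class body continues outside this hunk.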
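Review bot: In the `@@ -9,11 +12,11 @@` hunk of manifests/auth.pp, a host that matches one of the two FQDNs but has no value for its parameter now gets `$auth_keytab_data = undef`, the same state as an unknown domain, and nothing reports it. Failing compilation in that case, e.g. `unless $keytab_production { fail('aes::auth::keytab_production is not set') }` inside the production branch (likewise for devel), would surface a missing or misnamed Hiera key instead of quietly leaving the host without a managed keytab. Separately, the branch that decides which keytab to deliver compares `$facts[fqdn]`, which is reported by the agent; `$trusted['certname']` is taken from the node's certificate and would be the safer selector, assuming the certnames match these host names, which is not visible here.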
@@ -91,12 +94,14 @@ class aes::auth {
 mode => "0700"
 }
- file { "${auth_home}/keys/kerberos.keytab" :
- ensure => file,
- owner => root,
- group => "${auth_group}",
- mode => "0640",
- content => "${auth_keytab_data}"
+ if $auth_keytab_data {
+ file { "${auth_home}/keys/kerberos.keytab" :
+ ensure => file,
+ owner => root,
+ group => "${auth_group}",
+ mode => "0640",
+ content => "${auth_keytab_data}"
+ }
 }
 exec { 'update-auth-repo' :
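Review bot: When `$auth_keytab_data` is undef the new `if` leaves `${auth_home}/keys/kerberos.keytab` unmanaged, so whatever an earlier run wrote there (a real keytab, or the old `unknown domain` / `lookup failed` text) stays on disk. An `else` branch with `file { "${auth_home}/keys/kerberos.keytab" : ensure => absent }` would make the no-keytab state explicit, provided nothing else provisions that path. Adding `show_diff => false` to the managed resource also keeps keytab content out of agent output on hosts where diffs are enabled. The enclosing class starts and ends outside this hunk.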