diff --git a/data/common.yaml b/data/common.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..469ccafa1f122943e51dad5aaf69911a87ad1f0f
--- /dev/null
+++ b/data/common.yaml
@@ -0,0 +1,27 @@
+version: 5
+aes::auth::keytab_production: >
+ ENC[PKCS7,MIIBygYJKoZIhvcNAQcDoIIBuzCCAbcCAQAxggEhMIIBHQIBADAFMAACAQEw
+ DQYJKoZIhvcNAQEBBQAEggEAfFSsoD6ALGcGIKtmxr/5DxCxmDUSAf2M/7dg
+ krxqYfSLDUZ2z4hWCqWotA2urirssyEuf2kKnX2DpVxPN/N8Nzzt6IKwgk2Y
+ EL4EbjOGdbUtH6vQmq4gcbQEs5WRiVDWYeFBvq4+OlLqbnOuaQu4opLzz6R3
+ Syqx7+y3f8E+CaBHHB+6FN+P2LMPlqQQo7eiUSWFFuarJIDm1058yf/qAuhL
+ wlIZW8e5u72g6UDd8pzZzsLp050HJL6D5RJGln3/D41Ovg2UaUYSqcJw+AFA
+ 5U9cmHj+7aaRHaEVqaxbcHCWulD1ayN5T42EhEx3j5BJC7xeI+dWaqfLBTgm
+ dHm8cDCBjAYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBKgQQ6Gqc0YRrzi6w4+sw
+ QGUDM4BgTxHOYZpR3/stp6XdF5dt+LH+MVKobcQqw8f7d9t6ErChN/x2hRav
+ KnKyBQOSoeXYCwc8Mx0OWxI0yFu4uvFYDAT1KqWFYbuF39/xwcAtdd7brWyR
+ SQj5KZjJjZ6I7hGq]
+
+aes::auth::keytab_devel: >
+ ENC[PKCS7,MIIBygYJKoZIhvcNAQcDoIIBuzCCAbcCAQAxggEhMIIBHQIBADAFMAACAQEw
+ DQYJKoZIhvcNAQEBBQAEggEAV6TzhtqZfmrgF+c/ExBVJIuKQqgGGoaA1gRL
+ q4JFbg9iDV1PsocvOWk7SCfPL7HnnEwnqSNPHSGXpW6n8x+3jevGeutnCnxY
+ FPSt6icAVfoF0m6ih7ls+NPKab8iAXbucWG2zhOq2IgYquKE2E7HZU87gIM0
+ w0h2aWgWw6Dnn90MhgwHl3p8RmielDu3XByM8NQ8Mvym7oNZTrcIFne1qoay
+ 2t6aSyXDMRAx+3EtpbNLwkPk5I395Rt1YlsZWXjT+2s0sr1+1S1ECGOJZNWq
+ s2CEd3JoYD6mQn3ng7I2Rzzvrfl/tKYm1SJY7MDsKHZLKNcxSLdjPJQeUx3i
+ R+qfRjCBjAYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBKgQQlXwrYkHkhsX0d7VY
+ GOSYr4Bg3/0GZbAt5i4epB6AfnweBJcwPrdVyo91tY/cOyTlqJwZnFhuY281
+ 3Dvy4xliNgqm8nzsX2fG5kMHnB74Y2JQPsGb0ZnZfCwak9JfPqQzZmuvWMhA
+ Fgsv+Aw8HmVNvJC4]
+ 
\ No newline at end of file
diff --git a/manifests/auth.pp b/manifests/auth.pp
index 1eebfba9d2ee88f39bc773ae4e2c498cc1538b7d..d4eb56adc627d66d61444ea1bec9bed8b8896941 100644
--- a/manifests/auth.pp
+++ b/manifests/auth.pp
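Review bot: Both keytabs sit in `data/common.yaml`, the layer every node receives, so automatic parameter lookup resolves `aes::auth::keytab_production` and `aes::auth::keytab_devel` for whichever host compiles `aes::auth`, and the production keytab is decrypted for the devel host (and vice versa) rather than only for the host that needs it. Keeping each secret in a per-node layer such as `nodes/%{trusted.certname}.yaml`, under a single key, limits each decrypted keytab to the node it belongs to. Encrypting the values with eyaml is the right approach; the `hiera.yaml` that serves this data directory is not part of the diff, so confirm it configures the eyaml `lookup_key` backend for this file, otherwise the `ENC[PKCS7,...]` strings are passed through literally. The file also ends with a whitespace-only line and no trailing newline, which is worth tidying.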
@@ -1,10 +1,22 @@
-class aes::auth {
+class aes::auth(
+ Optional[String] $keytab_production = undef,
+ Optional[String] $keytab_devel = undef,
+){
 $auth_user = auth
 $auth_group = "${auth_user}"
 $auth_home = "/srv/${auth_user}"
 $auth_service = "aes_auth"
 
+ # Pick the right keytab for the current environment. We use the fqdn rather than
+ # $environment since the keys are tied to the domain name rather than what
+ # environment the machine is configured in.
+ if $facts[fqdn] == 'aes.edu.liu.se' {
+ $keytab = $keytab_production
+ } elsif $facts[fqdn] == 'aes-devel.edu.liu.se' {
+ $keytab = $keytab_devel
+ }
+
 # Note: We rely on Boost being installed by the broker. It seems Puppet does not like
 # that we specify "boost" multiple times, even though it would look nice, modularity-wise
 # since both the auth server and the broker requires boost.
 
@@ -73,6 +85,20 @@ class aes::auth {
 source => "puppet:///modules/${module_name}/auth/start.sh",
 }
 
+ file { "${auth_home}/keys" :
+ ensure => directory,
+ owner => "${auth_user}",
+ group => "${auth_group}",
+ mode => "0700"
+ }
+
+ file { "${auth_home}/keys/kerberos.keytab" :
+ ensure => file,
+ owner => root,
+ group => "${auth_group}",
+ mode => "0640"
+ }
+
 exec { 'update-auth-repo' :
 command => "/opt/utils/update_repo.sh ${auth_home}/src https://oauth2:F-agHaRXCdyFy38q4c-N@gitlab.liu.se/upp-aes/communication.git production",
 environment => [ "REPO_USER=${auth_user}", "REPO_GROUP=${auth_group}", "REPO_ON_UPDATE=${auth_home}/on_update.sh" ],
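Review bot: The keytab selection on the new `if $facts[fqdn] == ...` / `elsif` lines keys on the agent-reported `fqdn` fact, which the node itself supplies, so a node presenting the production name would be handed the production keytab; `$trusted['certname']` is the CA-verified identity and is the value to compare against. There is also no `else`, so on any other host `$keytab` is left undefined and compilation carries on silently instead of failing. A per-node hiera layer (`nodes/%{trusted.certname}.yaml`) would remove the branch altogether, but the minimal fix is below. Quoting the fact key (`$facts['fqdn']`) is also what puppet-lint expects. The enclosing class body continues past the hunk.
```puppet
  # Key on the CA-verified certname rather than the agent-reported fqdn fact.
  if $trusted['certname'] == 'aes.edu.liu.se' {
    $keytab = $keytab_production
  } elsif $trusted['certname'] == 'aes-devel.edu.liu.se' {
    $keytab = $keytab_devel
  } else {
    fail("aes::auth: no keytab configured for ${trusted['certname']}")
  }
```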
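Review bot: The new `file { "${auth_home}/keys/kerberos.keytab" : }` resource never receives the keytab: it has no `content` or `source`, so `ensure => file` only creates an empty root-owned 0640 file and the `$keytab` chosen at the top of the class is unused. It needs `content => $keytab` — or, if the eyaml value is the keytab base64-encoded (a keytab is binary; confirm how it was encoded), `content => Binary($keytab)` — together with `show_diff => false` so the keytab bytes never appear in reports or noop diffs. The `exec` command on the unchanged context line below embeds a GitLab oauth2 token in the repository URL; now that eyaml is in place, that credential is a candidate to move into hiera as well. The keys directory is 0700 and owned by `$auth_user` while the keytab is root:`$auth_group` 0640, which presumably is intended so the service reads it via the group — worth a one-line comment on the resource.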