diff --git a/moduleroot/Gemfile.erb b/moduleroot/Gemfile.erb
index aa51485770112666a03b18326bc204bd7c54f862..c2e29d221bdfb150a3b4e7857aa993dbee50881d 100644
--- a/moduleroot/Gemfile.erb
+++ b/moduleroot/Gemfile.erb
@@ -64,13 +64,15 @@ def location_for(place_or_version, fake_version = nil, gem_name = nil)
 
   version = place_or_version || '>= 0'
 
-  if ['puppet', 'facter'].include?(gem_name) && ENV['PUPPET_AUTH_TOKEN']
+  # Only use private source if PUPPET_AUTH_TOKEN is set AND it's a puppet-related gem
+  if ['puppet', 'facter'].include?(gem_name) && !ENV['PUPPET_AUTH_TOKEN'].to_s.empty?
     [version, { require: false, source: 'https://rubygems-puppetcore.puppet.com' }]
   elsif place_or_version && (git_url = place_or_version.match(git_url_regex))
     [fake_version, { git: git_url[:url], branch: git_url[:branch], require: false }].compact
   elsif place_or_version && (file_url = place_or_version.match(file_url_regex))
     ['>= 0', { path: File.expand_path(file_url[:path]), require: false }]
   else
+    # Default to rubygems.org when PUPPET_AUTH_TOKEN is not set
     [version, { require: false }]
   end
 end