diff --git a/data/common.yaml b/data/common.yaml
index 65e0f5a..37b8c43 100644
--- a/data/common.yaml
+++ b/data/common.yaml
@@ -6,3 +6,4 @@ profile::base::resolv::nameservers:
   - '8.8.8.8'
   - '127.0.0.1'
 profile::base::resolv::domainname: home
+profile::base::selinux::mode: permissive
diff --git a/data/environments/test.yaml b/data/environments/test.yaml
new file mode 100644
index 0000000..0ba4fa7
--- /dev/null
+++ b/data/environments/test.yaml
@@ -0,0 +1,2 @@
+---
+profile::base::ssh::permit_root_login: 'yes'
diff --git a/data/nodes/puppet.home.yaml b/data/nodes/puppet.home.yaml
index bf93fdd..1c305fd 100644
--- a/data/nodes/puppet.home.yaml
+++ b/data/nodes/puppet.home.yaml
@@ -1,4 +1,4 @@
 ---
 profile::puppetserver::authority: true
-profile::puppetserver::authority::jwt_secret: "'koHc5pzVSVpJhijthem3zT8WXN8='"
+#profile::puppetserver::authority::jwt_secret: "koHc5pzVSVpJhijthem3zT8WXN8="
 profile::puppetserver::authority::validity: 7200
diff --git a/data/secrets/node/puppet.home.eyaml b/data/secrets/node/puppet.home.eyaml
new file mode 100644
index 0000000..3c21a95
--- /dev/null
+++ b/data/secrets/node/puppet.home.eyaml
@@ -0,0 +1,2 @@
+---
+profile::puppetserver::authority::jwt_secret: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAnLKlgSOslWvpo+tVP2Fd/ITPkWLc7GM2cXd3bI8tB2PqsnEDOfWYFh8Pp58nzOZTPomTVxtQ0ptud6A+VhGbQ55P5ha9GzW9Pra5q0pQEsoGjJQhLKVsbLlivYN5j+W0pfR3hAr6NgKVBX0qwESOAKKIrYth34qH7Fsrk19VDKLOUJPSbVCajwwbUdj3s0j+8k3CCkey8+FmzTDeqjNGDDMmSxcWAySfX0LfZI3GGgJDfHgo3HDia3MiN0PLfNIOpeIFWRgWnzNrzHbt3RnEV7HIp1R+W2lyr/OWCGgBPco6t7oddqk9n3i35/0pxTsKmZEjasZyNvf51/PNwKK2VjBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAaFxUesvj7c9N47ru3WWyugCDAjwhS8BqA1n37yWGIGNCrdfQDUDr/dBMZTbmaoLAKLg==]
diff --git a/hiera.yaml b/hiera.yaml
index 8bdd63e..11b6500 100644
--- a/hiera.yaml
+++ b/hiera.yaml
@@ -18,5 +18,6 @@ hierarchy:
     data_hash: yaml_data
     paths:
       - "nodes/%{trusted.certname}.yaml"
-      - "role/%{trusted.extensions.pp_role}.yaml"
+      - "roles/%{trusted.extensions.pp_role}.yaml"
+      - "environments/%{trusted.extensions.pp_environment}.yaml"
       - "common.yaml"
diff --git a/site-modules/profile/manifests/puppetserver/authority.pp b/site-modules/profile/manifests/puppetserver/authority.pp
index 1959dd7..e869191 100644
--- a/site-modules/profile/manifests/puppetserver/authority.pp
+++ b/site-modules/profile/manifests/puppetserver/authority.pp
@@ -15,15 +15,15 @@ class profile::puppetserver::authority (
     notify  => Service['pe-puppetserver'],
   }
 
-  class { ::autosign:
-    ensure => "$ensure",
+  class { '::autosign':
+    ensure => $ensure,
     config => {
-      'general' => {
-        'loglevel' => "$loglevel",
+      general => {
+        loglevel => $loglevel,
       },
-      'jwt_token' => {
-        'secret'   => "$jwt_secret",
-        'validity' => "$validity",
+      jwt_token => {
+        secret   => $jwt_secret,
+        validity => $validity,
       }
     },
   }