diff --git a/data/common.yaml b/data/common.yaml index 2baa62b..98458dd 100644 --- a/data/common.yaml +++ b/data/common.yaml @@ -1,2 +1,3 @@ --- message: "This node is using common data" +profiles::base::dns::nameservers: 8.8.8.8 diff --git a/data/nodes/puppet.home.yaml b/data/nodes/puppet.home.yaml new file mode 100644 index 0000000..cd72183 --- /dev/null +++ b/data/nodes/puppet.home.yaml @@ -0,0 +1,4 @@ +--- +profile::puppetserver::authority: true +profile::puppetserver::authority::jwt_secret: "koHc5pzVSVpJhijthem3zT8WXN8=" +profile::puppetserver::authority::validity: 7200 diff --git a/hiera.yaml b/hiera.yaml index 0f5c657..8bdd63e 100644 --- a/hiera.yaml +++ b/hiera.yaml @@ -5,8 +5,18 @@ defaults: datadir: "data" hierarchy: - - name: "Yaml backend" + - name: "Secret data: per-node, common" + lookup_key: eyaml_lookup_key # eyaml backend + paths: + - "secrets/node/%{trusted.certname}.eyaml" + - "secrets/role/%{trusted.extensions.pp_role}.eyaml" + - "common.eyaml" + options: + pkcs7_private_key: /etc/puppetlabs/puppet/eyaml/private_key.pkcs7.pem + pkcs7_public_key: /etc/puppetlabs/puppet/eyaml/public_key.pkcs7.pem + - name: "Yaml backend Data" data_hash: yaml_data paths: - "nodes/%{trusted.certname}.yaml" + - "role/%{trusted.extensions.pp_role}.yaml" - "common.yaml" diff --git a/site-modules/profile/manifests/puppet.pp b/site-modules/profile/manifests/puppet.pp deleted file mode 100644 index 56aecc6..0000000 --- a/site-modules/profile/manifests/puppet.pp +++ /dev/null @@ -1,11 +0,0 @@ -class profile::puppet ( - Boolean $puppetserver = true, - Boolean $authority = true, -) { - if $puppetserver { - class { '::profile::puppet::puppetserver': } - } - if $authority { - class { '::profile::puppet::authority': } - } -} diff --git a/site-modules/profile/manifests/puppetserver.pp b/site-modules/profile/manifests/puppetserver.pp new file mode 100644 index 0000000..f7d1dc5 --- /dev/null +++ b/site-modules/profile/manifests/puppetserver.pp 
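Review bot: The key added to data/common.yaml is spelled `profiles::base::dns::nameservers`, while every other key and class in this commit uses the singular `profile::` namespace. Automatic parameter lookup would presumably never bind it to a `profile::base::dns` class; that class is not visible here, so confirm the intended name, likely `profile::base::dns::nameservers: 8.8.8.8`. A public resolver in common data also sends every node's DNS queries off-site unless a lower layer overrides it.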
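Review bot: data/nodes/puppet.home.yaml commits `profile::puppetserver::authority::jwt_secret` in plaintext, even though this same commit adds an eyaml layer that consults `secrets/node/%{trusted.certname}.eyaml` first. The value is the one previously hard-coded in authority.pp, so it is already in the repository history and should be treated as exposed. Generate a new secret, store it as an `ENC[PKCS7,...]` value in `data/secrets/node/puppet.home.eyaml`, and drop the key from this file. Until then, whoever can read the control repository holds the key that signs autosign tokens.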
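Review bot: The eyaml layer in hiera.yaml points at `/etc/puppetlabs/puppet/eyaml/private_key.pkcs7.pem`, but nothing visible in this commit creates that key pair or sets its ownership and mode, so the expectation should be documented next to the option. A comment above `pkcs7_private_key` would do, for example `# private key lives only on the server, readable by the puppetserver user alone; never commit it`. The new layer also uses `secrets/node/` where the YAML layer uses `nodes/`; one spelling for both would let the two trees mirror each other.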
@@ -0,0 +1,11 @@ +class profile::puppetserver ( + Boolean $puppetserver = true, + Boolean $authority = false, +) { + if $puppetserver { + class { '::profile::puppetserver::bootstrap': } + } + if $authority { + class { '::profile::puppetserver::authority': } + } +} diff --git a/site-modules/profile/manifests/puppet/authority.pp b/site-modules/profile/manifests/puppetserver/authority.pp similarity index 51% rename from site-modules/profile/manifests/puppet/authority.pp rename to site-modules/profile/manifests/puppetserver/authority.pp index e7e04f6..1959dd7 100644 --- a/site-modules/profile/manifests/puppet/authority.pp +++ b/site-modules/profile/manifests/puppetserver/authority.pp @@ -1,5 +1,12 @@ -class profile::puppet::authority { +class profile::puppetserver::authority ( + String $jwt_secret = 'undef', + String $loglevel = 'info', + Integer $validity = '0', + String $ensure = 'latest', + Hash $config = {}, + Hash $jwt_token = {}, +) { ini_setting { 'policy-based autosigning': setting => 'autosign', path => "${settings::confdir}/puppet.conf", @@ -9,14 +16,14 @@ class profile::puppet::authority { } class { ::autosign: - ensure => 'latest', + ensure => "$ensure", config => { 'general' => { - 'loglevel' => 'INFO', + 'loglevel' => "$loglevel", }, 'jwt_token' => { - 'secret' => 'koHc5pzVSVpJhijthem3zT8WXN8=', - 'validity' => '0', + 'secret' => "$jwt_secret", + 'validity' => "$validity", } }, } diff --git a/site-modules/profile/manifests/puppet/puppetserver.pp b/site-modules/profile/manifests/puppetserver/bootstrap.pp similarity index 94% rename from site-modules/profile/manifests/puppet/puppetserver.pp rename to site-modules/profile/manifests/puppetserver/bootstrap.pp index e509bcd..033650a 100644 --- a/site-modules/profile/manifests/puppet/puppetserver.pp +++ b/site-modules/profile/manifests/puppetserver/bootstrap.pp @@ -1,4 +1,4 @@ -class profile::puppet::puppetserver { +class profile::puppetserver::bootstrap { ini_setting { 'hiera_config': ensure => present, 
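Review bot: In the new profile::puppetserver class, `class { '::profile::puppetserver::bootstrap': }` and the matching authority declaration pass no parameters, so the resource-like form gains nothing and will raise a duplicate-declaration error if either class is ever included elsewhere. `contain profile::puppetserver::bootstrap` (and likewise for authority) avoids that and keeps both classes ordered inside this profile. The class also has no header comment; a short one noting that `$authority` now defaults to `false`, so autosigning has to be enabled per node in Hiera, would record the behaviour change from the deleted profile::puppet.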
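Review bot: In the new parameter list of profile::puppetserver::authority, `String $jwt_secret = 'undef'` makes the literal string "undef" the token-signing secret whenever the Hiera key is missing, which is a guessable value; drop the default so compilation fails instead: `String[1] $jwt_secret,`. `Integer $validity = '0'` gives an Integer parameter a String default, which the type check will reject when the default is used; write `Integer $validity = 0,`. `$config` and `$jwt_token` are declared but not used in the lines shown (the class body continues outside this hunk). Because the secret is passed into the `::autosign` config in the second hunk, consider `Sensitive[String[1]]` if the autosign module accepts it, to keep the value out of logs and reports.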
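Review bot: The second authority.pp hunk wraps bare variables in double quotes (`"$ensure"`, `"$loglevel"`, `"$jwt_secret"`, `"$validity"`); pass them directly, e.g. `ensure => $ensure,`. The quotes on `"$validity"` silently turn the Integer into a String; if the module needs a string, make that explicit with `'validity' => String($validity),`. The effective loglevel also changes from `'INFO'` to the new default `'info'`; whether autosign treats the two the same is not visible here, so check before merging.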
diff --git a/site-modules/role/manifests/puppetserver.pp b/site-modules/role/manifests/puppetserver.pp index 7b6cf2b..facdd72 100644 --- a/site-modules/role/manifests/puppetserver.pp +++ b/site-modules/role/manifests/puppetserver.pp @@ -1,6 +1,6 @@ class role::puppetserver { include profile::base - include profile::puppet + include profile::puppetserver }