diff --git a/.vscode/settings.json b/.vscode/settings.json
index 52f999b..403056c 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,5 +1,6 @@
 {
     "cSpell.words": [
+        "changeme",
         "reqpackage",
         "rpms",
         "sslcacert",
diff --git a/manifests/main/files.pp b/manifests/main/files.pp
index 71f70ca..7a1185d 100644
--- a/manifests/main/files.pp
+++ b/manifests/main/files.pp
@@ -6,4 +6,16 @@
 class prometheus_cd::main::files (
 ) inherits prometheus_cd::params {
   require prometheus_cd::main::dirs
+  file { $ps_main_file:
+    ensure   => file,
+    owner    => 'root',
+    group    => 'root',
+    mode     => '0644',
+    selrange => s0,
+    selrole  => object_r,
+    seltype  => etc_t,
+    seluser  => system_u,
+    content  => template('prometheus_cd/prometheus.yml.erb'),
+    notify   => Service[ps_prom_service],
+  }
 }
diff --git a/manifests/main/service.pp b/manifests/main/service.pp
index 26eaeaf..0acde91 100644
--- a/manifests/main/service.pp
+++ b/manifests/main/service.pp
@@ -8,7 +8,7 @@ class prometheus_cd::main::service (
   require prometheus_cd::main::files
   require prometheus_cd::firewall::iptables
   if  ($ps_prom_host == $fqdn) and ($manage_prometheus == true) {
-    service { 'prometheus':
+    service { $ps_prom_service:
       ensure     => running,
       hasstatus  => true,
       hasrestart => true,
@@ -16,7 +16,7 @@ class prometheus_cd::main::service (
     }
   }
   if $manage_node_exporter == true {
-    service { 'node_exporter':
+    service { $ps_ne_service:
       ensure     => running,
       hasstatus  => true,
       hasrestart => true,
diff --git a/manifests/params.pp b/manifests/params.pp
index 3e04ed9..ce0ce1b 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -11,6 +11,8 @@
 # @param [String] ps_prom_host the fqdn of the prometheus server
 # @param [String] ps_fw_prefix the firewall rule prefix
 # @param [String] ps_main_port the firewall main port for prometheus
+# @param [String] ps_auth_user the username for authentication
+# @param [String] ps_auth_user the password for authentication
 ##############################################################################
 class prometheus_cd::params (
 
@@ -29,6 +31,10 @@ class prometheus_cd::params (
   String $ps_fw_prefix          = '50',
   String $ps_main_port          = '9090',
 
+  # auth
+  String $ps_auth_user          = 'changeme',
+  String $ps_auth_pass          = 'changeme',
+
 ) {
   # defaults
   $fqdn                   = $facts['networking']['fqdn']
@@ -39,6 +45,11 @@ class prometheus_cd::params (
   # dirs
   $ps_main_dir            = '/etc/prometheus'
 
+  # files
+
+  # services
+  $ps_prom_service        = 'prometheus'
+  $ps_ne_service          = 'node_exporter'
   # includes must be last
   include prometheus_cd::main::config
 }
diff --git a/templates/prometheus.yaml b/templates/prometheus.yml.erb
similarity index 67%
rename from templates/prometheus.yaml
rename to templates/prometheus.yml.erb
index 7092154..e75b941 100644
--- a/templates/prometheus.yaml
+++ b/templates/prometheus.yml.erb
@@ -25,10 +25,10 @@ scrape_configs:
   - targets:
     - localhost:9090
   basic_auth:
-      username_file: /etc/prometheus/secrets/prometheus-auth/username
-      password_file: /etc/prometheus/secrets/prometheus-auth/password
+    username: <%= @ps_auth_user %>
+    password: <%= @ps_auth_pass %>
 remote_write:
   - url: "http://localhost:9090/api/v1/write"
     basic_auth:
-      username_file: /etc/prometheus/secrets/prometheus-auth/username
-      password_file: /etc/prometheus/secrets/prometheus-auth/password
\ No newline at end of file
+      username: <%= @ps_auth_user %>
+      password: <%= @ps_auth_pass %>
\ No newline at end of file