diff --git a/.vscode/settings.json b/.vscode/settings.json
index 52f999b..403056c 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,5 +1,6 @@
 {
     "cSpell.words": [
+        "changeme",
         "reqpackage",
         "rpms",
         "sslcacert",
diff --git a/doc/puppet_classes/prometheus_cd_3A_3Amain_3A_3Afiles.html b/doc/puppet_classes/prometheus_cd_3A_3Amain_3A_3Afiles.html
index 7dbf95e..5c1db14 100644
--- a/doc/puppet_classes/prometheus_cd_3A_3Amain_3A_3Afiles.html
+++ b/doc/puppet_classes/prometheus_cd_3A_3Amain_3A_3Afiles.html
@@ -104,7 +104,19 @@
 6
 7
 8
-9</pre>
+9
+10
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21</pre>
       </td>
       <td>
         <pre class="code"><span class="info file"># File 'manifests/main/files.pp', line 6</span>
@@ -112,6 +124,18 @@
 class prometheus_cd::main::files (
 ) inherits prometheus_cd::params {
   require prometheus_cd::main::dirs
+  file { $ps_main_file:
+    ensure   =&gt; file,
+    owner    =&gt; &#39;root&#39;,
+    group    =&gt; &#39;root&#39;,
+    mode     =&gt; &#39;0644&#39;,
+    selrange =&gt; s0,
+    selrole  =&gt; object_r,
+    seltype  =&gt; etc_t,
+    seluser  =&gt; system_u,
+    content  =&gt; template(&#39;prometheus_cd/prometheus.yml.erb&#39;),
+    notify   =&gt; Service[ps_prom_service],
+  }
 }</pre>
       </td>
     </tr>
diff --git a/doc/puppet_classes/prometheus_cd_3A_3Amain_3A_3Aservice.html b/doc/puppet_classes/prometheus_cd_3A_3Amain_3A_3Aservice.html
index e88064a..7307ffe 100644
--- a/doc/puppet_classes/prometheus_cd_3A_3Amain_3A_3Aservice.html
+++ b/doc/puppet_classes/prometheus_cd_3A_3Amain_3A_3Aservice.html
@@ -131,7 +131,7 @@ class prometheus_cd::main::service (
   require prometheus_cd::main::files
   require prometheus_cd::firewall::iptables
   if  ($ps_prom_host == $fqdn) and ($manage_prometheus == true) {
-    service { &#39;prometheus&#39;:
+    service { $ps_prom_service:
       ensure     =&gt; running,
       hasstatus  =&gt; true,
       hasrestart =&gt; true,
@@ -139,7 +139,7 @@ class prometheus_cd::main::service (
     }
   }
   if $manage_node_exporter == true {
-    service { &#39;node_exporter&#39;:
+    service { $ps_ne_service:
       ensure     =&gt; running,
       hasstatus  =&gt; true,
       hasrestart =&gt; true,
diff --git a/doc/puppet_classes/prometheus_cd_3A_3Aparams.html b/doc/puppet_classes/prometheus_cd_3A_3Aparams.html
index f2ba616..2751e80 100644
--- a/doc/puppet_classes/prometheus_cd_3A_3Aparams.html
+++ b/doc/puppet_classes/prometheus_cd_3A_3Aparams.html
@@ -272,6 +272,55 @@
       
     </li>
   
+    <li>
+      
+        <span class='name'>ps_auth_user</span>
+      
+      
+        <span class='type'>(<tt>String</tt>)</span>
+      
+      
+        <em class="default">(defaults to: <tt>&#39;changeme&#39;</tt>)</em>
+      
+      
+        &mdash;
+        <div class='inline'>
+<p>the username for authentication</p>
+</div>
+      
+    </li>
+  
+    <li>
+      
+        <span class='name'>ps_auth_user</span>
+      
+      
+        <span class='type'>(<tt>String</tt>)</span>
+      
+      
+        <em class="default">(defaults to: <tt>&#39;changeme&#39;</tt>)</em>
+      
+      
+        &mdash;
+        <div class='inline'>
+<p>the password for authentication</p>
+</div>
+      
+    </li>
+  
+    <li>
+      
+        <span class='name'>ps_auth_pass</span>
+      
+      
+        <span class='type'>(<tt>String</tt>)</span>
+      
+      
+        <em class="default">(defaults to: <tt>&#39;changeme&#39;</tt>)</em>
+      
+      
+    </li>
+  
 </ul>
 
 
@@ -283,8 +332,6 @@
         <pre class="lines">
 
 
-15
-16
 17
 18
 19
@@ -312,10 +359,21 @@
 41
 42
 43
-44</pre>
+44
+45
+46
+47
+48
+49
+50
+51
+52
+53
+54
+55</pre>
       </td>
       <td>
-        <pre class="code"><span class="info file"># File 'manifests/params.pp', line 15</span>
+        <pre class="code"><span class="info file"># File 'manifests/params.pp', line 17</span>
 
 class prometheus_cd::params (
 
@@ -334,6 +392,10 @@ class prometheus_cd::params (
   String $ps_fw_prefix          = &#39;50&#39;,
   String $ps_main_port          = &#39;9090&#39;,
 
+  # auth
+  String $ps_auth_user          = &#39;changeme&#39;,
+  String $ps_auth_pass          = &#39;changeme&#39;,
+
 ) {
   # defaults
   $fqdn                   = $facts[&#39;networking&#39;][&#39;fqdn&#39;]
@@ -344,6 +406,11 @@ class prometheus_cd::params (
   # dirs
   $ps_main_dir            = &#39;/etc/prometheus&#39;
 
+  # files
+
+  # services
+  $ps_prom_service        = &#39;prometheus&#39;
+  $ps_ne_service          = &#39;node_exporter&#39;
   # includes must be last
   include prometheus_cd::main::config
 }</pre>
diff --git a/manifests/main/files.pp b/manifests/main/files.pp
index 71f70ca..7a1185d 100644
--- a/manifests/main/files.pp
+++ b/manifests/main/files.pp
@@ -6,4 +6,16 @@
 class prometheus_cd::main::files (
 ) inherits prometheus_cd::params {
   require prometheus_cd::main::dirs
+  file { $ps_main_file:
+    ensure   => file,
+    owner    => 'root',
+    group    => 'root',
+    mode     => '0644',
+    selrange => s0,
+    selrole  => object_r,
+    seltype  => etc_t,
+    seluser  => system_u,
+    content  => template('prometheus_cd/prometheus.yml.erb'),
+    notify   => Service[ps_prom_service],
+  }
 }
diff --git a/manifests/main/service.pp b/manifests/main/service.pp
index 26eaeaf..0acde91 100644
--- a/manifests/main/service.pp
+++ b/manifests/main/service.pp
@@ -8,7 +8,7 @@ class prometheus_cd::main::service (
   require prometheus_cd::main::files
   require prometheus_cd::firewall::iptables
   if  ($ps_prom_host == $fqdn) and ($manage_prometheus == true) {
-    service { 'prometheus':
+    service { $ps_prom_service:
       ensure     => running,
       hasstatus  => true,
       hasrestart => true,
@@ -16,7 +16,7 @@ class prometheus_cd::main::service (
     }
   }
   if $manage_node_exporter == true {
-    service { 'node_exporter':
+    service { $ps_ne_service:
       ensure     => running,
       hasstatus  => true,
       hasrestart => true,
diff --git a/manifests/params.pp b/manifests/params.pp
index 3e04ed9..ce0ce1b 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -11,6 +11,8 @@
 # @param [String] ps_prom_host the fqdn of the prometheus server
 # @param [String] ps_fw_prefix the firewall rule prefix
 # @param [String] ps_main_port the firewall main port for prometheus
+# @param [String] ps_auth_user the username for authentication
+# @param [String] ps_auth_user the password for authentication
 ##############################################################################
 class prometheus_cd::params (
 
@@ -29,6 +31,10 @@ class prometheus_cd::params (
   String $ps_fw_prefix          = '50',
   String $ps_main_port          = '9090',
 
+  # auth
+  String $ps_auth_user          = 'changeme',
+  String $ps_auth_pass          = 'changeme',
+
 ) {
   # defaults
   $fqdn                   = $facts['networking']['fqdn']
@@ -39,6 +45,11 @@ class prometheus_cd::params (
   # dirs
   $ps_main_dir            = '/etc/prometheus'
 
+  # files
+
+  # services
+  $ps_prom_service        = 'prometheus'
+  $ps_ne_service          = 'node_exporter'
   # includes must be last
   include prometheus_cd::main::config
 }
diff --git a/templates/prometheus.yaml b/templates/prometheus.yml.erb
similarity index 67%
rename from templates/prometheus.yaml
rename to templates/prometheus.yml.erb
index 7092154..e75b941 100644
--- a/templates/prometheus.yaml
+++ b/templates/prometheus.yml.erb
@@ -25,10 +25,10 @@ scrape_configs:
   - targets:
     - localhost:9090
   basic_auth:
-      username_file: /etc/prometheus/secrets/prometheus-auth/username
-      password_file: /etc/prometheus/secrets/prometheus-auth/password
+    username: <%= @ps_auth_user %>
+    password: <%= @ps_auth_pass %>
 remote_write:
   - url: "http://localhost:9090/api/v1/write"
     basic_auth:
-      username_file: /etc/prometheus/secrets/prometheus-auth/username
-      password_file: /etc/prometheus/secrets/prometheus-auth/password
\ No newline at end of file
+      username: <%= @ps_auth_user %>
+      password: <%= @ps_auth_pass %>
\ No newline at end of file