diff --git a/manifests/jenkinsuser.pp b/manifests/jenkinsuser.pp
index ddc3020..746bd0e 100644
--- a/manifests/jenkinsuser.pp
+++ b/manifests/jenkinsuser.pp
@@ -55,17 +55,15 @@ class jenkins::jenkinsuser(
     require => File['/home/jenkins'],
   }
 
-  ssh_authorized_key { 'jenkins-master-2014-04-24':
-    ensure  => present,
-    user    => 'jenkins',
-    type    => 'ssh-rsa',
-    key     => $ssh_key,
+  # cleanup old content in directory
+  file { '/home/jenkins/.ssh/authorized_keys':
+    ensure  => 'file',
+    owner   => 'jenkins',
+    group   => 'jenkins',
+    mode    => '0600',
+    content => template('jenkins/authorized_keys.erb'),
     require => File['/home/jenkins/.ssh'],
   }
-  ssh_authorized_key { '/home/jenkins/.ssh/authorized_keys':
-    ensure => absent,
-    user   => 'jenkins',
-  }
 
   #NOTE: not all distributions have default bash files in /etc/skel
   if ($::osfamily == 'Debian') {
diff --git a/templates/authorized_keys.erb b/templates/authorized_keys.erb
new file mode 100644
index 0000000..8542cb7
--- /dev/null
+++ b/templates/authorized_keys.erb
@@ -0,0 +1,10 @@
+# HEADER: This file has been autogenerated by puppet.
+# HEADER: While it can still be managed manually, it
+# HEADER: is definitely not recommended.
+<% if @ssh_key.is_a? Array -%>
+<% @ssh_key.each do |key| -%>
+ssh-rsa <%= key %>
+<% end -%>
+<% else %>
+ssh-rsa <%= @ssh_key %>
+<% end -%>