diff --git a/manifests/ceph/mon.pp b/manifests/ceph/mon.pp
index 511e1b4..7ad40c2 100644
--- a/manifests/ceph/mon.pp
+++ b/manifests/ceph/mon.pp
@@ -1,36 +1,30 @@
 # Ceph Monitor profile
 class profile::ceph::mon {
   include profile::ceph::base
 
-  $mon_key = hiera('ceph::key::mon')
-  $mgr_key = hiera('ceph::key::mgr')
-  $admin_key = hiera('ceph::key::admin')
-  $bootstrap_osd_key = hiera('ceph::key::bootstrap_osd')
+  $mon_secret = hiera('ceph::secret::mon')
+  $mgr_secret = hiera('ceph::secret::mgr')
+
+  $client_keys = hiera('ceph::keys')
 
   ::ceph::mon {$::hostname:
-    key => $mon_key,
+    key => $mon_secret,
   }
 
   ::ceph::mgr {$::hostname:
-    key        => $mgr_key,
+    key        => $mgr_secret,
     inject_key => true,
   }
 
   ::Ceph::Key {
     inject => true,
     inject_as_id => 'mon.',
     inject_keyring => "/var/lib/ceph/mon/ceph-${::hostname}/keyring",
   }
 
-  ::ceph::key {'client.admin':
-    secret  => $admin_key,
-    cap_mon => 'allow *',
-    cap_osd => 'allow *',
-    cap_mds => 'allow',
-  }
-
-  ::ceph::key {'client.bootstrap-osd':
-    secret  => $bootstrap_osd_key,
-    cap_mon => 'allow profile bootstrap-osd',
+  each($client_keys) |$name, $data| {
+    ::ceph::key {"client.${name}":
+      * => $data,
+    }
   }
 }
diff --git a/manifests/ceph/osd.pp b/manifests/ceph/osd.pp
index 73922c0..4653463 100644
--- a/manifests/ceph/osd.pp
+++ b/manifests/ceph/osd.pp
@@ -1,10 +1,10 @@
 # Ceph OSD profile
 class profile::ceph::osd {
   include profile::ceph::base
 
-  $bootstrap_osd_key = hiera('ceph::key::bootstrap_osd')
+  $bootstrap_osd_secret = hiera('ceph::secret::bootstrap_osd')
   ::ceph::key {'client.bootstrap-osd':
     keyring_path => '/var/lib/ceph/bootstrap-osd/ceph.keyring',
-    secret       => $bootstrap_osd_key,
+    secret       => $bootstrap_osd_secret,
   }
 }