diff --git a/cdist/conf/type/__ssh_authorized_keys/explorer/entry b/cdist/conf/type/__ssh_authorized_keys/explorer/entry
deleted file mode 100755
index 9992d32d..00000000
--- a/cdist/conf/type/__ssh_authorized_keys/explorer/entry
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/bin/sh
-#
-# 2012 Steven Armstrong (steven-cdist at armstrong.cc)
-#
-# This file is part of cdist.
-#
-# cdist is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# cdist is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with cdist. If not, see <http://www.gnu.org/licenses/>.
-#
-
-owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
-if [ -f "$__object/parameter/file" ]; then
-   file="$(cat "$__object/parameter/file")"
-else
-   home="$("$__type_explorer/passwd" | cut -d':' -f 6)"
-   file="$home/.ssh/authorized_keys"
-fi
-
-# no authorized_keys file, nothing we could do
-[ -f "$file" ] || exit 0
-
-# NOTE: keep variables in sync in manifest/explorer/gencode-*
-prefix="#cdist:$__object_name"
-suffix="#/cdist:$__object_name"
-awk -v prefix="$prefix" -v suffix="$suffix" '{
-   if (index($0,prefix)) {
-      triggered=1
-   }
-   if (triggered) {
-      if (index($0,suffix)) {
-            triggered=0
-      }
-      print
-   }
-}' "$file"
diff --git a/cdist/conf/type/__ssh_authorized_keys/gencode-remote b/cdist/conf/type/__ssh_authorized_keys/gencode-remote
deleted file mode 100755
index 7fcb59c6..00000000
--- a/cdist/conf/type/__ssh_authorized_keys/gencode-remote
+++ /dev/null
@@ -1,84 +0,0 @@
-#!/bin/sh
-#
-# 2012-2013 Steven Armstrong (steven-cdist at armstrong.cc)
-#
-# This file is part of cdist.
-#
-# cdist is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# cdist is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with cdist. If not, see <http://www.gnu.org/licenses/>.
-#
-
-owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
-if [ -f "$__object/parameter/file" ]; then
-   file="$(cat "$__object/parameter/file")"
-else
-   home="$(cut -d':' -f 6 "$__object/explorer/passwd")"
-   file="$home/.ssh/authorized_keys"
-fi
-
-entry="$__object/files/entry"
-if [ ! -s "$__object/explorer/entry" ]; then
-   state_is='absent'
-else
-   state_is=$(diff -q "$entry" "$__object/explorer/entry" >/dev/null \
-      && echo present \
-      || echo changed
-   )
-fi
-
-state_should="$(cat "$__object/parameter/state" 2>/dev/null || echo present)"
-if [ "$state_should" = "$state_is" ]; then
-   # Nothing to do, move along
-   exit 0
-fi
-
-remove_entry() {
-   # NOTE: keep variables in sync in manifest/explorer/gencode-*
-   prefix="#cdist:$__object_name"
-   suffix="#/cdist:$__object_name"
-   cat << DONE
-tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX)
-# preserve ownership and permissions by copying existing file over tmpfile
-cp -p "$file" "\$tmpfile"
-awk -v prefix="$prefix" -v suffix="$suffix" '
-{
-   if (index(\$0,prefix)) {
-      triggered=1
-   }
-   if (triggered) {
-      if (index(\$0,suffix)) {
-         triggered=0
-      }
-   } else {
-      print
-   }
-}' "$file" > "\$tmpfile"
-mv -f "\$tmpfile" "$file"
-DONE
-}
-
-case "$state_should" in
-   present)
-      if [ "$state_is" = "changed" ]; then
-         remove_entry
-      fi
-      cat << DONE
-cat >> "$file" << ${__type##*/}_DONE
-$(cat "$entry")
-${__type##*/}_DONE
-DONE
-   ;;
-   absent)
-      remove_entry
-   ;;
-esac
diff --git a/cdist/conf/type/__ssh_authorized_keys/manifest b/cdist/conf/type/__ssh_authorized_keys/manifest
index 8b299d0a..8631d042 100755
--- a/cdist/conf/type/__ssh_authorized_keys/manifest
+++ b/cdist/conf/type/__ssh_authorized_keys/manifest
@@ -56,19 +56,16 @@ if [ ! -f "$__object/parameter/noparent" -o ! -f "$__object/parameter/nofile" ];
    fi
 fi
 
-# NOTE: keep variables in sync in manifest/explorer/gencode-*
-prefix="#cdist:$__object_name"
-suffix="#/cdist:$__object_name"
-
-mkdir "$__object/files"
-
 # Generate entry for inclusion in authorized_keys file
-entry="$__object/files/entry"
-echo "$prefix" > "$entry"
+(
 if [ -f "$__object/parameter/comment" ]; then
-   echo "# $(cat "$__object/parameter/comment")" >> "$entry"
+   echo "# $(cat "$__object/parameter/comment")"
 fi
-cat "$__object/parameter/key" >> "$entry"
-# ensure we have a newline after keys
-echo >> "$entry"
-echo "$suffix" >> "$entry"
+cat "$__object/parameter/key"
+) | \
+__block "$__object_name" \
+   --file "$file" \
+   --prefix "#cdist:$__object_name" \
+   --suffix "#/cdist:$__object_name" \
+   --state "$state" \
+   --text -