diff --git a/cdist/conf/type/__consul_template/files/versions/0.6.5/cksum b/cdist/conf/type/__consul_template/files/versions/0.6.5/cksum
deleted file mode 100644
index 2dcac994..00000000
--- a/cdist/conf/type/__consul_template/files/versions/0.6.5/cksum
+++ /dev/null
@@ -1 +0,0 @@
-1356006333 8496656 consul-template
diff --git a/cdist/conf/type/__consul_template/files/versions/0.6.5/source b/cdist/conf/type/__consul_template/files/versions/0.6.5/source
deleted file mode 100644
index 09a1ce3a..00000000
--- a/cdist/conf/type/__consul_template/files/versions/0.6.5/source
+++ /dev/null
@@ -1 +0,0 @@
-https://github.com/hashicorp/consul-template/releases/download/v0.6.5/consul-template_0.6.5_linux_amd64.tar.gz
diff --git a/cdist/conf/type/__consul_template/files/versions/0.9.0/cksum b/cdist/conf/type/__consul_template/files/versions/0.9.0/cksum
deleted file mode 100644
index 0f86f500..00000000
--- a/cdist/conf/type/__consul_template/files/versions/0.9.0/cksum
+++ /dev/null
@@ -1 +0,0 @@
-4037434610 8901128 consul-template
diff --git a/cdist/conf/type/__consul_template/files/versions/0.9.0/source b/cdist/conf/type/__consul_template/files/versions/0.9.0/source
deleted file mode 100644
index 25fd18e9..00000000
--- a/cdist/conf/type/__consul_template/files/versions/0.9.0/source
+++ /dev/null
@@ -1 +0,0 @@
-https://github.com/hashicorp/consul-template/releases/download/v0.9.0/consul-template_0.9.0_linux_amd64.tar.gz
diff --git a/cdist/conf/type/__consul_template/man.text b/cdist/conf/type/__consul_template/man.text
index 876690ee..0d86aee8 100644
--- a/cdist/conf/type/__consul_template/man.text
+++ b/cdist/conf/type/__consul_template/man.text
@@ -57,6 +57,15 @@ syslog-facility::
    The default value is LOCAL0.
 token::
    the Consul API token.
+vault-address::
+   the location of the Vault instance to query (may be an IP address or FQDN) with port.
+vault-token::
+   the Vault API token.
+vault-ssl-cert::
+   Path to an SSL client certificate to use to authenticate to the vault server.
+vault-ssl-ca-cert::
+   Path to a CA certificate file, containing one or more CA certificates to
+   use to validate the certificate sent by the vault server to us.
 version::
    which version of consul-template to install. See ./files/versions for a list of
    supported versions. Defaults to the latest known version.
@@ -74,6 +83,10 @@ ssl-no-verify::
    ignore certificate warnings. Only used if ssl is enabled.
 syslog::
    Send log output to syslog (in addition to stdout and stderr).
+vault-ssl::
+   use HTTPS while talking to Vault. Requires the Vault server to be configured to serve secure connections.
+vault-ssl-no-verify::
+   ignore certificate warnings. Only used if vault is enabled.
 
 
 EXAMPLES
diff --git a/cdist/conf/type/__consul_template/manifest b/cdist/conf/type/__consul_template/manifest
index edeca89c..cedcb413 100755
--- a/cdist/conf/type/__consul_template/manifest
+++ b/cdist/conf/type/__consul_template/manifest
@@ -77,17 +77,64 @@ require="__directory/etc/consul-template" \
 (
 for param in $(ls "$__object/parameter/"); do
    case "$param" in
-      ssl|ssl-no-verify) # boolean
-         key="$(echo "$param" | tr '-' '_')"
-         printf '%s = true\n' "$key"
+      auth-password|state|ssl-*|syslog-*|version|vault-token|vault-ssl*) continue ;;
+      auth-username)
+         printf 'auth {\n'
+         printf '  enabled = true\n'
+         printf '  username = "%s"\n' "$(cat "$__object/parameter/auth-username")"
+         if [ -f "$__object/parameter/auth-password" ]; then
+            printf '  password = %s\n' "$(cat "$__object/parameter/auth-password")"
+         fi
+         printf '}\n'
       ;;
-      auth|batch-size|consul|max-stale|retry|token|wait)
-         key="$(echo "$param" | tr '-' '_')"
-         printf '%s = "%s"\n' "$key" "$(cat "$__object/parameter/$param")"
+      ssl)
+         printf 'ssl {\n'
+         printf '  enabled = true\n'
+         if [ -f "$__object/parameter/ssl-no-verify" ]; then
+            printf '  verify = false\n'
+         fi
+         if [ -f "$__object/parameter/ssl-cert" ]; then
+            printf '  cert = "%s"\n' "$(cat "$__object/parameter/ssl-cert")"
+         fi
+         if [ -f "$__object/parameter/ssl-ca-cert" ]; then
+            printf '  ca_cert = "%s"\n' "$(cat "$__object/parameter/ssl-ca-cert")"
+         fi
+         printf '}\n'
+      ;;
+      syslog)
+         printf 'syslog {\n'
+         printf '  enabled = true\n'
+         if [ -f "$__object/parameter/syslog-facility" ]; then
+            printf '  facility = "%s"\n' "$(cat "$__object/parameter/syslog-facility")"
+         fi
+         printf '}\n'
+      ;;
+      vault-address)
+         printf 'vault {\n'
+         printf '  address = "%s"\n' "$(cat "$__object/parameter/vault-address")"
+         if [ -f "$__object/parameter/vault-token" ]; then
+            printf '  token = "%s"\n' "$(cat "$__object/parameter/vault-token")"
+         fi
+         if [ -f "$__object/parameter/vault-ssl" ]; then
+         printf '  ssl {\n'
+         printf '    enabled = true\n'
+         if [ -f "$__object/parameter/vault-ssl-no-verify" ]; then
+            printf '    verify = false\n'
+         fi
+         if [ -f "$__object/parameter/vault-ssl-cert" ]; then
+            printf '    cert = "%s"\n' "$(cat "$__object/parameter/vault-ssl-cert")"
+         fi
+         if [ -f "$__object/parameter/vault-ssl-ca-cert" ]; then
+            printf '    ca_cert = "%s"\n' "$(cat "$__object/parameter/vault-ssl-ca-cert")"
+         fi
+         printf '  }\n'
+         fi
+         printf '}\n'
       ;;
       *)
-         # ignore unknown parameters
-         :
+         # string key=value parameters
+         key="$(echo "$param" | tr '-' '_')"
+         printf '%s = "%s"\n' "$key" "$(cat "$__object/parameter/$param")"
       ;;
    esac
 done