diff --git a/cdist/conf/type/__ssh_authorized_key/explorer/entry b/cdist/conf/type/__ssh_authorized_key/explorer/entry
new file mode 100755
index 00000000..78031ab5
--- /dev/null
+++ b/cdist/conf/type/__ssh_authorized_key/explorer/entry
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# 2014 Steven Armstrong (steven-cdist at armstrong.cc)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+
+# extract the keytype and base64 encoded key ignoring any options and comment
+type_and_key="$(cat "$__object/parameter/key" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }')"
+file="$(cat $__object/parameter/file)"
+
+# get any entries that match the type and key
+grep ".*$type_and_key[ \n]" "$file" || true
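Review bot: The `grep` on the last line has no guard for an empty `$type_and_key`: if the `key` parameter holds no field matching `^(ssh|ecdsa)-`, the awk program prints nothing and the pattern degrades to `.*[ \n]`, which matches almost every line of the file. The manifest in this commit removes every explorer line that differs from the desired entry, so a malformed key could strip unrelated authorized keys; add `[ -n "$type_and_key" ] || exit 0` before the grep. Inside a bracket expression `\n` is a backslash and an `n`, not a newline, so an entry whose key ends the line (no comment) is never found, while a longer key that continues with `n` is. `grep -e "$type_and_key " -e "$type_and_key\$" "$file" || true` expresses the intended boundary. `$__object/parameter/file` on the line above should also be quoted.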
diff --git a/cdist/conf/type/__ssh_authorized_key/man.text b/cdist/conf/type/__ssh_authorized_key/man.text
new file mode 100644
index 00000000..b519222c
--- /dev/null
+++ b/cdist/conf/type/__ssh_authorized_key/man.text
@@ -0,0 +1,67 @@
+cdist-type__ssh_authorized_key(7)
+=================================
+Steven Armstrong
+
+
+NAME
+----
+cdist-type__ssh_authorized_key - manage a single ssh authorized key entry
+
+
+DESCRIPTION
+-----------
+Manage a single authorized key entry in an authorized_key file.
+This type was created to be used by the __ssh_authorized_keys type.
+
+
+REQUIRED PARAMETERS
+-------------------
+file::
+ the authorized_keys file to which the given key should be added
+
+key::
+ a string containing the ssh keytype, base 64 encoded key and optional
+ trailing comment which shall be added to the given authorized_keys file.
+
+
+OPTIONAL PARAMETERS
+-------------------
+comment::
+ explicit comment instead of the one which may be trailing the given key
+
+option::
+ an option to set for this authorized_key entry.
+ Can be specified multiple times.
+ See sshd(8) for available options.
+
+state::
+ if the given keys should be 'present' or 'absent', defaults to 'present'.
+
+
+EXAMPLES
+--------
+
+--------------------------------------------------------------------------------
+__ssh_authorized_key some-id \
+ --file "/home/user/.ssh/autorized_keys" \
+ --key "$(cat ~/.ssh/id_rsa.pub)"
+
+__ssh_authorized_key some-id \
+ --file "/home/user/.ssh/autorized_keys" \
+ --key "$(cat ~/.ssh/id_rsa.pub)" \
+ --option 'command="/path/to/script"' \
+ --option 'environment="FOO=bar"' \
+ --comment 'one to rule them all'
+--------------------------------------------------------------------------------
+
+
+SEE ALSO
+--------
+- cdist-type(7)
+- cdist__ssh_authorized_keys(7)
+- sshd(8)
+
+COPYING
+-------
+Copyright \(C) 2014 Steven Armstrong. Free use of this software is
+granted under the terms of the GNU General Public License version 3 (GPLv3).
diff --git a/cdist/conf/type/__ssh_authorized_key/manifest b/cdist/conf/type/__ssh_authorized_key/manifest
new file mode 100755
index 00000000..eb7ae859
--- /dev/null
+++ b/cdist/conf/type/__ssh_authorized_key/manifest
@@ -0,0 +1,75 @@
+#!/bin/sh
+#
+# 2014 Steven Armstrong (steven-cdist at armstrong.cc)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+
+file="$(cat "$__object/parameter/file")"
+state="$(cat "$__object/parameter/state")"
+mkdir "$__object/files"
+
+_cksum() {
+ echo "$1" | cksum | cut -d' ' -f 1
+}
+
+_do_line() {
+ file="$1"
+ line="$2"
+ state="$3"
+ line_id="$(_cksum "$file")-$(_cksum "$line")"
+
+ set -- "$line_id"
+ set -- "$@" --file "$file"
+ set -- "$@" --line "$line"
+ set -- "$@" --state "$state"
+ # Ensure __line does not read stdin
+ __line "$@" < /dev/null
+}
+
+# Generate the entry as it should be
+(
+ if [ -f "$__object/parameter/option" ]; then
+ options="$(cat "$__object/parameter/option" | tr '\n' ',')"
+ printf '%s ' "${options%*,}"
+ fi
+ if [ -f "$__object/parameter/comment" ]; then
+ # extract the keytype and base64 encoded key ignoring any options and comment
+ printf '%s ' "$(cat "$__object/parameter/key" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }')"
+ # override the comment with the one explicitly given
+ printf '%s' "$(cat "$__object/parameter/comment")"
+ else
+ printf '%s' "$(cat "$__object/parameter/key")"
+ fi
+) > "$__object/files/should"
+
+# Check for existing and conflicting entries and remove them
+if [ -s "$__object/explorer/entry" ]; then
+ # We have existing entries for this key.
+ # Check if any of them are in conflict to how the entry should be.
+ # Note that the file has to be sorted for comparison with `comm`.
+ sort "$__object/explorer/entry" > "$__object/files/is"
+ comm -13 "$__object/files/should" "$__object/files/is" | {
+ # Remove conflicting entries
+ while read entry; do
+ _do_line "$file" "$entry" absent
+ done
+ }
+fi
+
+# Manage the actual entry as it should be
+entry="$(cat "$__object/files/should")"
+_do_line "$file" "$entry" "$state"
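Review bot: `while read entry` in the conflict-removal loop should be `while IFS= read -r entry`, because without `-r` the shell consumes backslashes and without `IFS=` it trims leading and trailing whitespace. authorized_keys options such as `command="…"` may contain backslashes, so the line handed to `__line --state absent` would presumably no longer equal the line in the file and the conflicting entry would stay in place. `_do_line` also assigns the script-level `file`, `line` and `state`; in a shell that runs the last pipeline stage in the current process, the loop's `absent` would leak into the final `_do_line "$file" "$entry" "$state"` call. Giving the function its own names, for example `_file="$1"`, `_line="$2"`, `_state="$3"`, removes that dependency on shell behaviour.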
diff --git a/cdist/conf/type/__ssh_authorized_key/parameter/default/state b/cdist/conf/type/__ssh_authorized_key/parameter/default/state
new file mode 100644
index 00000000..e7f6134f
--- /dev/null
+++ b/cdist/conf/type/__ssh_authorized_key/parameter/default/state
@@ -0,0 +1 @@
+present
diff --git a/cdist/conf/type/__ssh_authorized_key/parameter/optional b/cdist/conf/type/__ssh_authorized_key/parameter/optional
new file mode 100644
index 00000000..89e8d966
--- /dev/null
+++ b/cdist/conf/type/__ssh_authorized_key/parameter/optional
@@ -0,0 +1,2 @@
+comment
+state
diff --git a/cdist/conf/type/__ssh_authorized_key/parameter/optional_multiple b/cdist/conf/type/__ssh_authorized_key/parameter/optional_multiple
new file mode 100644
index 00000000..01925a15
--- /dev/null
+++ b/cdist/conf/type/__ssh_authorized_key/parameter/optional_multiple
@@ -0,0 +1 @@
+option
diff --git a/cdist/conf/type/__ssh_authorized_key/parameter/required b/cdist/conf/type/__ssh_authorized_key/parameter/required
new file mode 100644
index 00000000..d51426c3
--- /dev/null
+++ b/cdist/conf/type/__ssh_authorized_key/parameter/required
@@ -0,0 +1,2 @@
+file
+key