In this talk (for PuppetConf 2014) I describe new capabilities in Puppet's certificate autosigning code which provide greater flexibility and power than what was previously available. I walk through end-to-end usage from instance creation to using Amazon EC2 metadata embedded in an instance's certificate from your Puppet modules