diff --git a/Modulefile b/Modulefile
index afbf02f..9493716 100644
--- a/Modulefile
+++ b/Modulefile
@@ -8,4 +8,4 @@ description 'Module to manage .netrc files'
 project_page 'https://github.com/saheba/puppet-netrc.git'
 
 ## Add dependencies, if any:
-# dependency 'username/name', '>= 1.2.0'
+dependency 'puppetlabs-concat', '>= 7.0.0'
diff --git a/manifests/init.pp b/manifests/init.pp
index 69a69be..138591c 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -12,25 +12,47 @@
 #
 # Sample Usage: netrc::foruser("netrc_myuser": user => 'myuser', machine_user_password_triples => [['myserver.localdomain','myuser','pw'],['mysecondserver.localdomain','myuser','pw2']])
 #               you can also override the full path by using the `file_path` parameter.
-# [Remember: No empty lines between comments and class definition]
 class netrc {
-
 }
 
-define netrc::foruser(
-  Enum["present", "absent"]     $ensure = "present",
-  Stdlib::Absolutepath          $home_base_directory  = "/home",
-  String                        $user,
-  String                        $filename             = ".netrc",
-  Stdlib::Absolutepath          $file_path            = "$home_base_directory/$user/$filename",
-  Hash[String, Hash]            $machine_login_password) {
-
-  file { $file_path:
-    ensure  => $ensure,
-    content => epp('netrc/netrc.epp', {
-      machine_login_password => $machine_login_password
-    }),
-    mode    => '0600',
-    owner   => "$user"
+define netrc::usermachine (
+  String $user,
+  String $machine,
+  String $login,
+  Sensitive[String] $password,
+  Optional[String]  $group    = $user,
+  Optional[String]  $filename = '.netrc',
+  Optional[Stdlib::Absolutepath] $file_path = undef,
+) {
+  $user_file = $user ? {
+    'root'  => "/root/${filename}",
+    default => "/home/${user}/${filename}",
+  }
+  $real_file_path = $file_path ? {
+    undef   => $user_file,
+    default => $file_path,
+  }
+  if !defined(Concat[$real_file_path]) {
+    concat { $real_file_path:
+      ensure         => present,
+      mode           => '0600',
+      owner          => $user,
+      group          => $group,
+      ensure_newline => true,
+    }
+    concat::fragment { "${real_file_path}-header":
+      target  => $real_file_path,
+      content => '# File content managed by Puppet',
+    }
+  }
+  concat::fragment { "${user}-${machine}-${login}":
+    target  => $real_file_path,
+    content => Sensitive(epp('netrc/netrc.epp',
+      {
+        machine  => $machine,
+        login    => $login,
+        password => $password,
+      }
+    )),
   }
 }
diff --git a/templates/netrc.epp b/templates/netrc.epp
index d5142ec..a00aa5a 100644
--- a/templates/netrc.epp
+++ b/templates/netrc.epp
@@ -1,3 +1 @@
-<% $machine_login_password.each  |$machine, $value| { -%>
-machine <%= $machine %> login <%= $value['login'] %> password <%= $value['password'] %>
-<%- } -%>
+machine <%= $machine %> login <%= $login %> password <%= $password %>