}
```
+### Manage login configuration settings for an APT source or proxy in `/etc/apt/auth.conf`
+
+Starting with APT version 1.5, you can define login configuration settings, such as
+username and password, for APT sources or proxies that require authentication
+in the `/etc/apt/auth.conf` file. This is preferable to embedding login
+information directly in `source.list` entries, which are usually world-readable.
+
+The `/etc/apt/auth.conf` file follows the format of netrc (used by ftp or
+curl) and has restrictive file permissions. See
+https://manpages.debian.org/testing/apt/apt_auth.conf.5.en.html for details.
+
+Use the optional `apt::auth_conf_entries` parameter to specify an array of
+hashes containing login configuration settings. These hashes may only contain
+the `machine`, `login` and `password` keys.
+
+```puppet
+class { 'apt':
+ auth_conf_entries => [
+ {
+ 'machine' => 'apt-proxy.example.net',
+ 'login' => 'proxylogin',
+ 'password' => 'proxypassword',
+ },
+ {
+ 'machine' => 'apt.example.com/ubuntu',
+ 'login' => 'reader',
+ 'password' => 'supersecret',
+ },
+ ],
+}
+```
+
## Reference
### Classes
* `https`: Specifies whether to enable https proxies. Valid options: `true` and `false`. Default: `false`.
* `ensure`: Optional parameter. Valid options: 'file', 'present', and 'absent'. Default: `undef`. Prefer 'file' over 'present'.
-
+
* `direct`: Specifies whether or not to use a 'DIRECT' https proxy if http proxy is used but https is not. Valid options: `true` and `false`. Default: `false`.
* `purge`: Specifies whether to purge any existing settings that aren't managed by Puppet. Valid options: a hash made up from the following keys:
* `settings`: Creates new `apt::setting` resources. Valid options: a hash to be passed to the [`create_resources` function](https://docs.puppetlabs.com/references/latest/function.html#createresources). Default: {}.
+* `auth_conf_entries`: An optional array of login configuration settings (hashes) that will be recorded in the file `/etc/apt/auth.conf`. This file has a netrc-like format (similar to what curl uses) and contains the login configuration for APT sources and proxies that require authentication. See https://manpages.debian.org/testing/apt/apt_auth.conf.5.en.html for details. If specified each hash must contain the keys `machine`, `login` and `password` and no others. Default: [].
+
* `sources`: Creates new `apt::source` resources. Valid options: a hash to be passed to the [`create_resources` function](https://docs.puppetlabs.com/references/latest/function.html#createresources). Default: {}.
* `pins`: Creates new `apt::pin` resources. Valid options: a hash to be passed to the [`create_resources` function](https://docs.puppetlabs.com/references/latest/function.html#createresources). Default: {}.
## Limitations
-This module is tested and officially supported on Debian 6 and 7 and Ubuntu 10.04, 12.04, and 14.04. Testing on other platforms has been light and cannot be guaranteed.
+This module is tested and officially supported on Debian 8 and 9 and Ubuntu 14.04, and 16.04. Testing on other platforms has been light and cannot be guaranteed.
This module is not designed to be split across [run stages](https://docs.puppetlabs.com/puppet/latest/reference/lang_run_stages.html).