diff --git a/REFERENCE.md b/REFERENCE.md index 5455082..88f584b 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -35,9 +35,27 @@ folder the module also manages distrusting system default CA certificates. ```puppet class { 'ca_cert': } +``` + +##### Purge unmanaged user CAs +```puppet class { 'ca_cert': - manage_all_user_CAs => true, + purge_unmanaged_CAs => true, +} +``` + +##### Custom certificates handling + +```puppet +class { 'ca_cert': + update_cmd => '/usr/bin/c_rehash', + trusted_cert_dir => '/var/ssl/certs, + cert_dir_group => 'system', + cert_dir_mode => '0755', + ca_file_group => 'system', + ca_file_mode => '0644', + ca_file_extension => 'pem', } ``` @@ -78,7 +96,7 @@ Default value: `$ca_cert::params::update_cmd` ##### `trusted_cert_dir` -Data type: `String[1]` +Data type: `Stdlib::Absolutepath` Absolute directory path to the folder containing trusted certificates. @@ -86,7 +104,7 @@ Default value: `$ca_cert::params::trusted_cert_dir` ##### `distrusted_cert_dir` -Data type: `Optional[String[1]]` +Data type: `Optional[Stdlib::Absolutepath]` Absolute directory path to the folder containing distrusted certificates. @@ -103,7 +121,7 @@ Default value: `$ca_cert::params::cert_dir_group` ##### `cert_dir_mode` -Data type: `String[1]` +Data type: `Stdlib::Filemode` The installed trusted certificate's POSIX filesystem permissions. This uses the same syntax as Puppet's native file resource's "mode" parameter. @@ -122,7 +140,7 @@ Default value: `$ca_cert::params::ca_file_group` ##### `ca_file_mode` -Data type: `String[1]` +Data type: `Stdlib::Filemode` The installed CA certificate's POSIX filesystem permissions. This uses the same syntax as Puppet's native file resource's "mode" parameter. @@ -140,7 +158,7 @@ Default value: `$ca_cert::params::ca_file_extension` ##### `package_ensure` -Data type: `String[1]` +Data type: `Stdlib::Ensure::Package` The ensure parameter to pass to the package resource. 
@@ -234,7 +252,7 @@ Default value: `'text'` ##### `ensure` -Data type: `String` +Data type: `Enum['present', 'trusted', 'distrusted', 'absent']` Whether or not the CA certificate should be on a system or not. Valid values are trusted, present, distrusted, and absent. Note: untrusted is diff --git a/manifests/ca.pp b/manifests/ca.pp index ddfbdfa..2fbaa9a 100644 --- a/manifests/ca.pp +++ b/manifests/ca.pp @@ -33,11 +33,11 @@ # The type of file checksum. (defauts to undef) # define ca_cert::ca ( - String $ensure = 'trusted', - String $source = 'text', - Boolean $verify_https_cert = true, - Optional[String] $ca_text = undef, - Optional[String] $checksum = undef, + Enum['present', 'trusted', 'distrusted', 'absent'] $ensure = 'trusted', + String $source = 'text', + Boolean $verify_https_cert = true, + Optional[String] $ca_text = undef, + Optional[String] $checksum = undef, Optional[String[1]] $checksum_type = undef, ) { include ca_cert diff --git a/manifests/init.pp b/manifests/init.pp index c3e47f0..095a1a0 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
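Review bot: Narrowing `$ensure` to `Enum['present', 'trusted', 'distrusted', 'absent']` in manifests/ca.pp makes `ensure => 'untrusted'` a compile-time failure, while the parameter description in REFERENCE.md still carries a note about `untrusted` (its text is cut off in this view). If the define body, which lies outside this hunk, still handles that value, existing catalogs will break on upgrade; either call this out as a breaking change or keep `'untrusted'` in the Enum until it is removed deliberately. Separately, `$source`, `$ca_text` and `$checksum` stay plain `String`/`Optional[String]`, so an empty string still passes validation for the inputs that decide which certificate lands in the trust store; `String[1] $source = 'text',` and `Optional[String[1]] $checksum = undef,` would close that, assuming no caller passes `''` on purpose.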
@@ -80,14 +80,14 @@ class ca_cert ( String[1] $package_name = $ca_cert::params::package_name, String[1] $update_cmd = $ca_cert::params::update_cmd, - String[1] $trusted_cert_dir = $ca_cert::params::trusted_cert_dir, - Optional[String[1]] $distrusted_cert_dir = $ca_cert::params::distrusted_cert_dir, + Stdlib::Absolutepath $trusted_cert_dir = $ca_cert::params::trusted_cert_dir, + Optional[Stdlib::Absolutepath] $distrusted_cert_dir = $ca_cert::params::distrusted_cert_dir, String[1] $cert_dir_group = $ca_cert::params::cert_dir_group, String[1] $ca_file_group = $ca_cert::params::ca_file_group, - String[1] $cert_dir_mode = $ca_cert::params::cert_dir_mode, - String[1] $ca_file_mode = $ca_cert::params::ca_file_mode, + Stdlib::Filemode $cert_dir_mode = $ca_cert::params::cert_dir_mode, + Stdlib::Filemode $ca_file_mode = $ca_cert::params::ca_file_mode, String[1] $ca_file_extension = $ca_cert::params::ca_file_extension, - String[1] $package_ensure = 'installed', + Stdlib::Ensure::Package $package_ensure = 'installed', Boolean $always_update_certs = false, Boolean $purge_unmanaged_CAs = false, # lint:ignore:variable_contains_upcase lint:ignore:variable_is_lowercase Boolean $install_package = true,
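Review bot: `Stdlib::Filemode` on `$cert_dir_mode` and `$ca_file_mode` checks only that the value is a well-formed mode, so `'0777'` or `'0666'` is still accepted and would leave the trust store writable by any local account. I would state the constraint in the parameter docs, e.g. `# Must not grant group or world write access: write access to this path is the ability to add a trust anchor.`, or enforce it with a narrower pattern if symbolic modes are not needed. `$update_cmd` keeps `String[1]` although the new REFERENCE.md example passes an absolute path (`/usr/bin/c_rehash`); whether it can take the same `Stdlib::Absolutepath` treatment depends on the defaults in `ca_cert::params`, which are not visible here. The `Stdlib::*` aliases also make the puppetlabs-stdlib lower bound matter, and metadata.json is not part of this diff, so confirm the declared range includes a release that ships `Stdlib::Ensure::Package`. The class body continues outside the hunk.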