diff --git a/launch/README b/launch/README index 16119d7c1f..773d154691 100644 --- a/launch/README +++ b/launch/README @@ -3,10 +3,11 @@ Create Server Note that these instructions assume you're working from this directory on an updated local clone of the repository, and that -your account is a member of the puppet group for access to the -puppet keys:: +your account is a member of the puppet and salt groups for access +to their respective keys:: sudo adduser YOURUSER puppet + sudo adduser YOURUSER salt (Remember to log out and back into your shell if you add yourself to a group.) diff --git a/modules/salt/manifests/master.pp b/modules/salt/manifests/master.pp index 15fae7178f..3a4c6b7af2 100644 --- a/modules/salt/manifests/master.pp +++ b/modules/salt/manifests/master.pp @@ -31,11 +31,12 @@ class salt::master { } user { 'salt': - ensure => present, - gid => 'salt', - home => '/home/salt', - shell => '/bin/bash', - system => true, + ensure => present, + gid => 'salt', + home => '/home/salt', + shell => '/bin/bash', + system => true, + require => Group['salt'], } file { '/home/salt': @@ -56,6 +57,33 @@ class salt::master { require => Package['salt-master'], } + file { '/etc/salt/pki': + ensure => directory, + owner => 'salt', + group => 'salt', + mode => '0710', + require => [ + Package['salt-master'], + User['salt'], + ], + } + + file { '/etc/salt/pki/master': + ensure => directory, + owner => 'salt', + group => 'salt', + mode => '0770', + require => File['/etc/salt/pki'], + } + + file { '/etc/salt/pki/master/minions': + ensure => directory, + owner => 'salt', + group => 'salt', + mode => '0775', + require => File['/etc/salt/pki/master'], + } + service { 'salt-master': ensure => running, enable => true,
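Review bot: `User['salt']` keeps `shell => '/bin/bash'` on a `system => true` account that, with the file resources added later in this commit, becomes the owner of `/etc/salt/pki`. If nothing logs in interactively as salt (the hunk does not show a consumer), a non-login shell such as `shell => '/usr/sbin/nologin'` would limit what a compromise of that account allows; otherwise add a comment saying what needs the shell. Separately, the new `require => Group['salt']` is probably redundant, since Puppet's user type autorequires a managed group named in `gid`. It is harmless to keep, and the group declaration itself is outside the hunk.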
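Review bot: Mode `0770` on `/etc/salt/pki/master` gives every member of the salt group write access to the directory that normally holds the master's own key pair, and the README hunk in this same commit adds operator accounts to that group. Write permission on a directory is enough to rename or replace files in it whatever their own modes are, so if group members only need to place minion keys, `mode => '0750'` on `master` with group write kept only on `minions` would be tighter. On `minions`, `0775` sets world read and execute bits that the `0710`/`0770` parents already make ineffective; `mode => '0770'` states the intent directly. A comment above the three resources should record that group write on `minions` lets any salt group member authorise a minion, since that is the trust decision being made here.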