diff --git a/manifests/agent/auth.pp b/manifests/agent/auth.pp
deleted file mode 100644
index ea1bce25..00000000
--- a/manifests/agent/auth.pp
+++ /dev/null
@@ -1,82 +0,0 @@
-# == Class: ceilometer::agent::auth
-#
-# DEPRECATED !
-# The ceilometer::agent::auth class helps configure common
-# auth settings for the agents.
-#
-# === Parameters:
-#
-# [*auth_url*]
-#   (Optional) the keystone public endpoint
-#   Defaults to undef.
-#
-# [*auth_region*]
-#   (Optional) the keystone region of this node
-#   Defaults to undef.
-#
-# [*auth_user*]
-#   (Optional) the keystone user for ceilometer services
-#   Defaults to undef.
-#
-# [*auth_password*]
-#   (Required) the keystone password for ceilometer services
-#
-# [*auth_tenant_name*]
-#   (Optional) the keystone tenant name for ceilometer services
-#   Defaults to undef.
-#
-# [*auth_tenant_id*]
-#   (Optional) the keystone tenant id for ceilometer services.
-#   Defaults to undef.
-#
-# [*auth_cacert*]
-#   (Optional) Certificate chain for SSL validation.
-#   Defaults to 'None'.
-#
-# [*auth_endpoint_type*]
-#   (Optional) Type of endpoint in Identity service catalog to use for
-#   communication with OpenStack services.
-#   Defaults to undef.
-#
-# [*auth_user_domain_name*]
-#   (Optional) domain name for auth user.
-#   Defaults to undef.
-#
-# [*auth_project_domain_name*]
-#   (Optional) domain name for auth project.
-#   Defaults to undef.
-#
-# [*auth_type*]
-#   (Optional) Authentication type to load.
-#   Defaults to undef.
-#
-class ceilometer::agent::auth (
-  $auth_password,
-  $auth_url                 = undef,
-  $auth_region              = undef,
-  $auth_user                = undef,
-  $auth_tenant_name         = undef,
-  $auth_tenant_id           = undef,
-  $auth_cacert              = undef,
-  $auth_endpoint_type       = undef,
-  $auth_user_domain_name    = undef,
-  $auth_project_domain_name = undef,
-  $auth_type                = undef
-) {
-
-  include ceilometer::deps
-
-  warning('The ceilometer::agent::auth class has been deprecated. \
-Use the ceilometer::agent::service_credentials classs instead')
-
-  include ceilometer::agent::service_credentials
-
-  # Since we use names instead of ids for keystone credentials in most of
-  # our modules, we'll just deprecated this feature and don't migrate this
-  # to the new service_credentials class.
-  if $auth_tenant_id {
-    ceilometer_config {
-      'service_credentials/project_id' : value => $auth_tenant_id;
-    }
-  }
-}
diff --git a/manifests/agent/service_credentials.pp b/manifests/agent/service_credentials.pp
index 5d3ed310..54bc58ab 100644
--- a/manifests/agent/service_credentials.pp
+++ b/manifests/agent/service_credentials.pp
@@ -5,6 +5,9 @@
 #
 # === Parameters:
 #
+# [*password*]
+#   (Required) the keystone password for ceilometer services
+#
 # [*auth_url*]
 #   (Optional) the keystone public endpoint
 #   Defaults to 'http://localhost:5000'.
@@ -17,9 +20,6 @@
 #   (Optional) the keystone user for ceilometer services
 #   Defaults to 'ceilometer'.
 #
-# [*password*]
-#   (Required) the keystone password for ceilometer services
-#
 # [*project_name*]
 #   (Optional) the keystone project name for ceilometer services
 #   Defaults to 'services'.
@@ -46,7 +46,7 @@
 #   Defaults to 'password'.
 #
 class ceilometer::agent::service_credentials (
-  $password            = false,
+  $password,
   $auth_url            = 'http://localhost:5000',
   $region_name         = $::os_service_default,
   $username            = 'ceilometer',
@@ -60,31 +60,16 @@ class ceilometer::agent::service_credentials (
 
   include ceilometer::deps
 
-  $password_real = pick($::ceilometer::agent::auth::auth_password, $password)
-  if ! $password_real {
-    fail('The password parameter is required')
-  }
-
-  $auth_url_real = pick($::ceilometer::agent::auth::auth_url, $auth_url)
-  $region_name_real = pick($::ceilometer::agent::auth::auth_region, $region_name)
-  $username_real = pick($::ceilometer::agent::auth::auth_user, $username)
-  $project_name_real = pick($::ceilometer::agent::auth::auth_tenant_name, $project_name)
-  $cafile_real = pick($::ceilometer::agent::auth::auth_cacert, $cafile)
-  $interface_real = pick($::ceilometer::agent::auth::auth_endpoint_type, $interface)
-  $user_domain_name_real = pick($::ceilometer::agent::auth::auth_user_domain_name, $user_domain_name)
-  $project_domain_name_real = pick($::ceilometer::agent::auth::auth_project_domain_name, $project_domain_name)
-  $auth_type_real = pick($::ceilometer::agent::auth::auth_type, $auth_type)
-
   ceilometer_config {
-    'service_credentials/auth_url'           : value => $auth_url_real;
-    'service_credentials/region_name'        : value => $region_name_real;
-    'service_credentials/username'           : value => $username_real;
-    'service_credentials/password'           : value => $password_real, secret => true;
-    'service_credentials/project_name'       : value => $project_name_real;
-    'service_credentials/cafile'             : value => $cafile_real;
-    'service_credentials/interface'          : value => $interface_real;
-    'service_credentials/user_domain_name'   : value => $user_domain_name_real;
-    'service_credentials/project_domain_name': value => $project_domain_name_real;
-    'service_credentials/auth_type'          : value => $auth_type_real;
+    'service_credentials/auth_url'           : value => $auth_url;
+    'service_credentials/region_name'        : value => $region_name;
+    'service_credentials/username'           : value => $username;
+    'service_credentials/password'           : value => $password, secret => true;
+    'service_credentials/project_name'       : value => $project_name;
+    'service_credentials/cafile'             : value => $cafile;
+    'service_credentials/interface'          : value => $interface;
+    'service_credentials/user_domain_name'   : value => $user_domain_name;
+    'service_credentials/project_domain_name': value => $project_domain_name;
+    'service_credentials/auth_type'          : value => $auth_type;
   }
 }
diff --git a/releasenotes/notes/remove-auth-7d9ed7c16e0856e9.yaml b/releasenotes/notes/remove-auth-7d9ed7c16e0856e9.yaml
new file mode 100644
index 00000000..31ec7c56
--- /dev/null
+++ b/releasenotes/notes/remove-auth-7d9ed7c16e0856e9.yaml
@@ -0,0 +1,5 @@
+---
+upgrade:
+  - |
+    The deprecated ``ceilometer::agent::auth`` class has been removed. Use
+    the ``ceilometer::agent::service_credentials`` class instead.
diff --git a/spec/classes/ceilometer_agent_auth_spec.rb b/spec/classes/ceilometer_agent_auth_spec.rb
deleted file mode 100644
index 9a97a30f..00000000
--- a/spec/classes/ceilometer_agent_auth_spec.rb
+++ /dev/null
@@ -1,63 +0,0 @@
-require 'spec_helper'
-
-describe 'ceilometer::agent::auth' do
-
-  let :pre_condition do
-    "class { 'ceilometer': telemetry_secret => 's3cr3t' }"
-  end
-
-  let :params do
-    { :auth_url         => 'http://localhost:5000',
-      :auth_region      => '<SERVICE DEFAULT>',
-      :auth_user        => 'ceilometer',
-      :auth_password    => 'password',
-      :auth_tenant_name => 'services',
-    }
-  end
-
-  shared_examples_for 'ceilometer-agent-auth' do
-
-    it 'configures authentication' do
-      is_expected.to contain_ceilometer_config('service_credentials/auth_url').with_value('http://localhost:5000')
-      is_expected.to contain_ceilometer_config('service_credentials/region_name').with_value('<SERVICE DEFAULT>')
-      is_expected.to contain_ceilometer_config('service_credentials/username').with_value('ceilometer')
-      is_expected.to contain_ceilometer_config('service_credentials/password').with_value('password').with_secret(true)
-      is_expected.to contain_ceilometer_config('service_credentials/project_name').with_value('services')
-      is_expected.to contain_ceilometer_config('service_credentials/cafile').with_value('<SERVICE DEFAULT>')
-      is_expected.to contain_ceilometer_config('service_credentials/user_domain_name').with_value('Default')
-      is_expected.to contain_ceilometer_config('service_credentials/project_domain_name').with_value('Default')
-      is_expected.to contain_ceilometer_config('service_credentials/auth_type').with_value('password')
-    end
-
-    context 'when overriding parameters' do
-      before do
-        params.merge!(
-          :auth_cacert               => '/tmp/dummy.pem',
-          :auth_endpoint_type        => 'internalURL',
-          :auth_type                 => 'password',
-          :auth_user_domain_name     => 'MyDomain',
-          :auth_project_domain_name  => 'MyProjDomain',
-        )
-      end
-      it { is_expected.to contain_ceilometer_config('service_credentials/cafile').with_value(params[:auth_cacert]) }
-      it { is_expected.to contain_ceilometer_config('service_credentials/interface').with_value(params[:auth_endpoint_type]) }
-      it { is_expected.to contain_ceilometer_config('service_credentials/user_domain_name').with_value(params[:auth_user_domain_name]) }
-      it { is_expected.to contain_ceilometer_config('service_credentials/project_domain_name').with_value(params[:auth_project_domain_name]) }
-      it { is_expected.to contain_ceilometer_config('service_credentials/auth_type').with_value(params[:auth_type]) }
-    end
-
-  end
-
-  on_supported_os({
-    :supported_os => OSDefaults.get_supported_os
-  }).each do |os,facts|
-    context "on #{os}" do
-      let (:facts) do
-        facts.merge!(OSDefaults.get_facts())
-      end
-
-      it_behaves_like 'ceilometer-agent-auth'
-    end
-  end
-
-end