diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7e76278..ca8dfa4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,22 +2,30 @@
 
 All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).
 
+## [v4.3.1](https://github.com/puppetlabs/puppetlabs-java_ks/tree/v4.3.1) (2022-05-24)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-java_ks/compare/v4.3.0...v4.3.1)
+
+### Added
+
+- Don't require certificate or private key params when ensure: absent [\#399](https://github.com/puppetlabs/puppetlabs-java_ks/pull/399) ([tparkercbn](https://github.com/tparkercbn))
+
 ## [v4.3.0](https://github.com/puppetlabs/puppetlabs-java_ks/tree/v4.3.0) (2022-04-05)
 
 [Full Changelog](https://github.com/puppetlabs/puppetlabs-java_ks/compare/v4.2.0...v4.3.0)
 
 ### Added
 
-- pdksync - \(IAC-1751\) - Add Support for Rocky 8 [\#380](https://github.com/puppetlabs/puppetlabs-java_ks/pull/380) ([david22swan](https://github.com/david22swan))
+- Add support for certificate\_content and private\_key\_content parameters [\#385](https://github.com/puppetlabs/puppetlabs-java_ks/pull/385) ([hajee](https://github.com/hajee))
 - pdksync - \(IAC-1753\) - Add Support for AlmaLinux 8 [\#381](https://github.com/puppetlabs/puppetlabs-java_ks/pull/381) ([david22swan](https://github.com/david22swan))
-- Add support for certificate_content and private_key_content parameters [\#385](https://github.com/puppetlabs/puppetlabs-java_ks/pull/385) ([hajee](https://github.com/hajee))
+- pdksync - \(IAC-1751\) - Add Support for Rocky 8 [\#380](https://github.com/puppetlabs/puppetlabs-java_ks/pull/380) ([david22swan](https://github.com/david22swan))
 
 ### Fixed
 
-- Fix "password" as Property [\#378](https://github.com/puppetlabs/puppetlabs-java_ks/pull/373782) ([cocker-cc](https://github.com/cocker-cc))
-- pdksync - \(IAC-1598\) - Remove Support for Debian 8 [\#379](https://github.com/puppetlabs/puppetlabs-java_ks/pull/379) ([david22swan](https://github.com/david22swan))
-- pdksync - \(IAC-1787\) Remove Support for CentOS 6 [\#384](https://github.com/puppetlabs/puppetlabs-java_ks/pull/384) ([david22swan](https://github.com/david22swan))
 - pdksync - \(GH-iac-334\) Remove Support for Ubuntu 14.04/16.04 [\#390](https://github.com/puppetlabs/puppetlabs-java_ks/pull/390) ([david22swan](https://github.com/david22swan))
+- pdksync - \(IAC-1787\) Remove Support for CentOS 6 [\#384](https://github.com/puppetlabs/puppetlabs-java_ks/pull/384) ([david22swan](https://github.com/david22swan))
+- pdksync - \(IAC-1598\) - Remove Support for Debian 8 [\#379](https://github.com/puppetlabs/puppetlabs-java_ks/pull/379) ([david22swan](https://github.com/david22swan))
+- Fix "password" as Property [\#378](https://github.com/puppetlabs/puppetlabs-java_ks/pull/378) ([cocker-cc](https://github.com/cocker-cc))
 
 ## [v4.2.0](https://github.com/puppetlabs/puppetlabs-java_ks/tree/v4.2.0) (2021-08-25)
 
diff --git a/REFERENCE.md b/REFERENCE.md
index 7185e1d..044743b 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -54,20 +54,28 @@ insync? for this parameter to accomplish this.
 
 Default value: `present`
 
+##### `password`
+
+The password used to protect the keystore.  If private keys are
+subsequently also protected this password will be used to attempt
+unlocking. Must be six or more characters in length. Cannot be used
+together with :password_file, but you must pass at least one of these parameters.
+
 #### Parameters
 
 The following parameters are available in the `java_ks` type.
 
 * [`certificate`](#certificate)
+* [`certificate_content`](#certificate_content)
 * [`chain`](#chain)
 * [`destkeypass`](#destkeypass)
 * [`keytool_timeout`](#keytool_timeout)
 * [`name`](#name)
-* [`password`](#password)
 * [`password_fail_reset`](#password_fail_reset)
 * [`password_file`](#password_file)
 * [`path`](#path)
 * [`private_key`](#private_key)
+* [`private_key_content`](#private_key_content)
 * [`private_key_type`](#private_key_type)
 * [`provider`](#provider)
 * [`source_alias`](#source_alias)
@@ -78,8 +86,13 @@ The following parameters are available in the `java_ks` type.
 
 ##### <a name="certificate"></a>`certificate`
 
-A server certificate, followed by zero or more intermediate certificate authorities.
-All certificates will be placed in the keystore.  This will autorequire the specified file.
+A file containing a server certificate, followed by zero or more intermediate certificate authorities.
+All certificates will be placed in the keystore. This will autorequire the specified file.
+
+##### <a name="certificate_content"></a>`certificate_content`
+
+A string containing a server certificate, followed by zero or more intermediate certificate authorities.
+All certificates will be placed in the keystore.
 
 ##### <a name="chain"></a>`chain`
 
@@ -103,13 +116,6 @@ namevar
 The alias that is used to identify the entry in the keystore. This will be
 converted to lowercase.
 
-##### <a name="password"></a>`password`
-
-The password used to protect the keystore.  If private keys are
-subsequently also protected this password will be used to attempt
-unlocking. Must be six or more characters in length. Cannot be used
-together with :password_file, but you must pass at least one of these parameters.
-
 ##### <a name="password_fail_reset"></a>`password_fail_reset`
 
 Valid values: ``true``, ``false``
@@ -134,7 +140,16 @@ Paths can be specified as an array or as a '
 
 If you want an application to be a server and encrypt traffic,
 you will need a private key.  Private key entries in a keystore must be
-accompanied by a signed certificate for the keytool provider. This will autorequire the specified file.
+accompanied by a signed certificate for the keytool provider. This parameter
+allows you to specify the file name containing the private key. This will autorequire
+the specified file.
+
+##### <a name="private_key_content"></a>`private_key_content`
+
+If you want an application to be a server and encrypt traffic,
+you will need a private key.  Private key entries in a keystore must be
+accompanied by a signed certificate for the keytool provider. This parameter allows you to specify the content
+of the private key.
 
 ##### <a name="private_key_type"></a>`private_key_type`
 
diff --git a/metadata.json b/metadata.json
index e08cd8a..b2c5004 100644
--- a/metadata.json
+++ b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "puppetlabs-java_ks",
-  "version": "4.3.0",
+  "version": "4.3.1",
   "author": "puppetlabs",
   "summary": "Manage arbitrary Java keystore files",
   "license": "Apache-2.0",