diff --git a/lib/puppet/provider/java_ks/keytool.rb b/lib/puppet/provider/java_ks/keytool.rb
index 3bbef320..b80a80e8 100644
--- a/lib/puppet/provider/java_ks/keytool.rb
+++ b/lib/puppet/provider/java_ks/keytool.rb
@@ -284,13 +284,17 @@ def certificate
     # When no certificate file is specified, we infer the usage of
     # certificate content and create a tempfile containing this value.
     # we leave it to to the tempfile to clean it up after the pupet run exists.
-    file = Tempfile.new('certificate')
-    # Check if the specified value is a Sensitive data type. If so, unwrap it and use
-    # the value.
-    content = @resource[:certificate_content].respond_to?(:unwrap) ? @resource[:certificate_content].unwrap : @resource[:certificate_content]
-    file.write(content)
-    file.close
-    file.path
+    @temp_certificate_file ||= begin
+                                 file = Tempfile.new('certificate')
+                                 # Check if the specified value is a Sensitive data type. If so, unwrap it and use
+                                 # the value.
+                                 content = @resource[:certificate_content].respond_to?(:unwrap) ? @resource[:certificate_content].unwrap : @resource[:certificate_content]
+                                 file.write(content)
+                                 file.close
+                                 file
+                               end
+
+    @temp_certificate_file.path
   end
 
   def private_key
@@ -300,13 +304,16 @@ def private_key
     # When no private key file is specified, we infer the usage of
     # private key content and create a tempfile containing this value.
     # we leave it to to the tempfile to clean it up after the pupet run exists.
-    file = Tempfile.new('private_key')
-    # Check if the specified value is a Sensitive data type. If so, unwrap it and use
-    # the value.
-    content = @resource[:private_key_content].respond_to?(:unwrap) ? @resource[:private_key_content].unwrap : @resource[:private_key_content]
-    file.write(content)
-    file.close
-    file.path
+    @temp_private_key_file ||= begin
+                                 file = Tempfile.new('private_key')
+                                 # Check if the specified value is a Sensitive data type. If so, unwrap it and use
+                                 # the value.
+                                 content = @resource[:private_key_content].respond_to?(:unwrap) ? @resource[:private_key_content].unwrap : @resource[:private_key_content]
+                                 file.write(content)
+                                 file.close
+                                 file
+                               end
+    @temp_private_key_file.path
   end
 
   def private_key_type