diff --git a/salt/elasticsearch/auth.sls b/salt/elasticsearch/auth.sls
index a51abca1c..e8ab1e378 100644
--- a/salt/elasticsearch/auth.sls
+++ b/salt/elasticsearch/auth.sls
@@ -7,3 +7,6 @@ elastic_auth_pillar:
             enabled: False
             user: so_elastic
             pass: {{ salt['random.get_str'](20) }}
+    # since we are generating a random password, and we don't want that to happen everytime
+    # a highstate runs, we only manage the file if it doesn't exist
+    - unless: ls /opt/so/saltstack/local/pillar/elasticsearch/auth.sls
diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls
index f0eee6d44..7005a66c5 100644
--- a/salt/elasticsearch/init.sls
+++ b/salt/elasticsearch/init.sls
@@ -260,9 +260,6 @@ elastic_curl_config:
   file.managed:
     - name: /opt/so/conf/elasticsearch/curl.config
     - mode: 600
-    # since we are generating a random password, and we don't want that to happen everytime
-    # a highstate runs, we only manage the file if it doesn't exist
-    - unless: ls /opt/so/conf/elasticsearch/curl.config
 
 {% endif %} {# if grains['role'] != 'so-helix' #}
 
diff --git a/salt/top.sls b/salt/top.sls
index 8a12aaa26..f3f2958ae 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -238,6 +238,7 @@ base:
     {%- endif %}
     {%- if ELASTICSEARCH %}
     - elasticsearch
+    - elasticsearch.auth
     {%- endif %} 
     {%- if LOGSTASH %}
     - logstash