diff --git a/hieradata/role/puppetdb.yaml b/hieradata/role/puppetdb.yaml index 3129d31c8c..88b2f4ab34 100644 --- a/hieradata/role/puppetdb.yaml +++ b/hieradata/role/puppetdb.yaml @@ -1,6 +1,9 @@ --- classes: - "profile::core::common" + - "profile::core::docker" + - "profile::core::docker::prune" + - "profile::core::puppetboard" - "puppetdb" postgresql::globals::manage_dnf_module: true # use appstream packages diff --git a/site/profile/manifests/core/puppetboard.pp b/site/profile/manifests/core/puppetboard.pp new file mode 100644 index 0000000000..13b9351d19 --- /dev/null +++ b/site/profile/manifests/core/puppetboard.pp @@ -0,0 +1,22 @@ +# @summary +# Install puppetboard https://github.com/voxpupuli/puppetboard +# +# @param secret_key +# The secret key to use for the puppetboard +# +class profile::core::puppetboard ( + Sensitive $secret_key, +) { + docker::image { 'ghcr.io/voxpupuli/puppetboard': } + + docker::run { 'puppetboard': + image => 'ghcr.io/voxpupuli/puppetboard', + env => [ + 'PUPPETDB_HOST=127.0.0.1', + 'PUPPETDB_PORT=8080', + 'PUPPETBOARD_PORT=8088', + "SECRET_KEY=${secret_key.unwrap}", + ], + net => 'host', + } +} diff --git a/spec/fixtures/hieradata/common.yaml b/spec/fixtures/hieradata/common.yaml index 4bf966be30..2e3eef8674 100644 --- a/spec/fixtures/hieradata/common.yaml +++ b/spec/fixtures/hieradata/common.yaml @@ -1,5 +1,7 @@ --- lookup_options: + profile::core::puppetboard::secret_key: + convert_to: "Sensitive" '^profile::.+::keytab_base64$': convert_to: "Sensitive" '^tailscale::auth_key$': 
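Review bot: The three classes added under `classes:` put a Docker daemon and a network-facing dashboard on the host that holds every node's facts, catalogs and reports, and nothing in this hunk or in the new profile restricts who can reach it. With `net => 'host'` and `PUPPETBOARD_PORT=8088` in the profile, the listener sits on the host's own interfaces, and Puppetboard, as far as I know, has no login of its own, so read access to PuppetDB data would follow whatever the host firewall allows. I would add the firewall rule or an authenticating reverse proxy for 8088 in the same change, and record the intent here with a comment such as `# puppetboard: port 8088, must only be reachable from <ADMIN_NETWORK>`.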
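Review bot: `"SECRET_KEY=${secret_key.unwrap}"` in the `env` array of `docker::run { 'puppetboard': }` turns the `Sensitive` parameter back into an ordinary string, so the key is stored in clear text in the compiled catalog (and therefore in PuppetDB and reports) and in whatever unit or script `docker::run` renders its `-e` flags into. Passing it through `env_file` from a root-only file whose content stays `Sensitive` keeps it out of those places; the path below is a placeholder. The `puppetboard` shared example in spec/hosts/roles/puppetdb_spec.rb expects `'SECRET_KEY=foo'` in `env` and would need to change with it. Separately, `docker::image` and `image =>` name `ghcr.io/voxpupuli/puppetboard` without a tag or digest, so every pull takes whatever upstream publishes at that moment; pinning both to a reviewed tag or digest is worth doing in the same change.

```puppet
  # '/PATH/TO/puppetboard.env' is a placeholder; use a root-only location
  file { '/PATH/TO/puppetboard.env':
    ensure    => file,
    owner     => 'root',
    group     => 'root',
    mode      => '0600',
    show_diff => false,
    content   => Sensitive("SECRET_KEY=${secret_key.unwrap}\n"),
  }

  docker::run { 'puppetboard':
    # … unchanged: image, net, and the three non-secret env entries (SECRET_KEY entry removed) …
    env_file => ['/PATH/TO/puppetboard.env'],
    require  => File['/PATH/TO/puppetboard.env'],
  }
```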
@@ -8,9 +10,9 @@ ccs_database::database: "comcamdbprod" ccs_database::password: "foo" ipa::admin_password: "foofoofoofoo" # ipa master only ipa::directory_services_password: "foofoofoofoo" # ipa master only -ipa::domain_join_password: "foofoofoofoo" # 8 char min foreman_proxy::plugin::dns::route53::aws_access_key: "foo" foreman_proxy::plugin::dns::route53::aws_secret_key: "foo" +ipa::domain_join_password: "foofoofoofoo" # 8 char min profile::ccs::file_transfer::s3daemon_env_access: "foo" profile::ccs::file_transfer::s3daemon_env_secret: "foo" profile::ccs::postfix::auth: "foo" @@ -18,7 +20,8 @@ profile::core::monitoring::database: "foo" profile::core::monitoring::password: "foo" profile::core::monitoring::url: "foo" profile::core::monitoring::username: "foo" -tailscale::auth_key: "foo" +profile::core::puppetboard::secret_key: "foo" restic::id: "foo" restic::key: "foo" restic::password: "foo" +tailscale::auth_key: "foo" diff --git a/spec/hosts/roles/puppetdb_spec.rb b/spec/hosts/roles/puppetdb_spec.rb index 0b0a59c6a9..6363dabebd 100644 --- a/spec/hosts/roles/puppetdb_spec.rb +++ b/spec/hosts/roles/puppetdb_spec.rb @@ -27,6 +27,25 @@ end end +shared_examples 'puppetboard' do + it { is_expected.to contain_class('docker') } + it { is_expected.to contain_cron__job('docker_prune') } + it { is_expected.to contain_docker__image('ghcr.io/voxpupuli/puppetboard') } + + it do + is_expected.to contain_docker__run('puppetboard').with( + image: 'ghcr.io/voxpupuli/puppetboard', + env: [ + 'PUPPETDB_HOST=127.0.0.1', + 'PUPPETDB_PORT=8080', + 'PUPPETBOARD_PORT=8088', + 'SECRET_KEY=foo', + ], + net: 'host', + ) + end +end + role = 'puppetdb' describe "#{role} role" do @@ -53,6 +72,7 @@ include_examples 'common', os_facts: os_facts, site: site include_examples 'puppetdb' + include_examples 'puppetboard' end # host end # lsst_sites end