diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0a9a7496..be0903af 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,7 +12,8 @@ The **patch** part changes is incremented if multiple releases happen the same m
 ### Added
-* Use proper keyrings directory for APT version
+* all: Use proper keyrings directory for APT version
+* all: Add signed-by option for additional APT sources
 * evolinux-base: replace regular kernel by cloud kernel on virtual servers
 * nagios-nrpe: check_haproxy_stats supports DRAIN status
 * lxc-php: set php-fpm umask to 007
diff --git a/apt/templates/evolix_public.list.j2 b/apt/templates/evolix_public.list.j2
index 06de99c0..be7b45e8 100644
--- a/apt/templates/evolix_public.list.j2
+++ b/apt/templates/evolix_public.list.j2
@@ -1,3 +1,3 @@
 # {{ ansible_managed }}
-deb http://pub.evolix.net/ {{ ansible_distribution_release }}/
+deb [signed-by={{ apt_keyring_dir }}/reg.asc] http://pub.evolix.net/ {{ ansible_distribution_release }}/
diff --git a/docker-host/tasks/main.yml b/docker-host/tasks/main.yml
index 861a352d..1262dd03 100644
--- a/docker-host/tasks/main.yml
+++ b/docker-host/tasks/main.yml
@@ -27,7 +27,7 @@
 - name: Add Docker repository
 apt_repository:
- repo: 'deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable'
+ repo: 'deb [arch=amd64 signed-by={{ apt_keyring_dir }}/docker-debian.asc] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable'
 state: present
 filename: docker.list
diff --git a/elasticsearch/tasks/packages.yml b/elasticsearch/tasks/packages.yml
index 5070d554..bb5b99da 100644
--- a/elasticsearch/tasks/packages.yml
+++ b/elasticsearch/tasks/packages.yml
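Review bot: The rewritten `deb` line in evolix_public.list.j2 still fetches over `http://`. `signed-by` restricts which key may sign the repository, but indexes and packages travel in cleartext, so an on-path party can observe what is installed, and can replay stale indexes if the Release file carries no expiry. The hwraid.le-vert.net, jenkins, mongodb, newrelic and postgresql sources changed in this commit are in the same position, as are the pub.evolix.net lines in the lxc-php hunks. Where the mirror offers TLS, switch the scheme in the same change, e.g. `deb [signed-by={{ apt_keyring_dir }}/reg.asc] https://pub.evolix.net/ {{ ansible_distribution_release }}/`. Where it does not, a one-line comment saying so would record the decision.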
@@ -40,7 +40,7 @@
 - name: Elastic sources list is available
 apt_repository:
- repo: "deb https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
+ repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
 filename: elastic
 state: present
 update_cache: yes
diff --git a/evolinux-base/tasks/hardware.yml b/evolinux-base/tasks/hardware.yml
index 9762825b..146cf455 100644
--- a/evolinux-base/tasks/hardware.yml
+++ b/evolinux-base/tasks/hardware.yml
@@ -91,7 +91,7 @@
 - name: Add HPE repository
 apt_repository:
- repo: 'deb https://downloads.linux.hpe.com/SDR/repo/mcp {{ ansible_distribution_release }}/current non-free'
+ repo: 'deb [signed-by={{ apt_keyring_dir }}/hpePublicKey2048_key1.asc] https://downloads.linux.hpe.com/SDR/repo/mcp {{ ansible_distribution_release }}/current non-free'
 state: present
 tags:
 - packages
@@ -219,7 +219,7 @@
 - name: Add HW tool repository
 apt_repository:
- repo: 'deb http://hwraid.le-vert.net/debian {{ ansible_distribution_release }} main'
+ repo: 'deb [signed-by={{ apt_keyring_dir }}/hwraid.le-vert.net.asc] http://hwraid.le-vert.net/debian {{ ansible_distribution_release }} main'
 state: present
 tags:
 - packages
diff --git a/filebeat/tasks/main.yml b/filebeat/tasks/main.yml
index d312a3fb..cde924b1 100644
--- a/filebeat/tasks/main.yml
+++ b/filebeat/tasks/main.yml
@@ -40,7 +40,7 @@
 - name: Elastic sources list is available
 apt_repository:
- repo: "deb https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
+ repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
 filename: elastic
 state: present
 update_cache: yes
diff --git a/jenkins/tasks/main.yml b/jenkins/tasks/main.yml
index 54f1987e..4346ef1e 100644
--- a/jenkins/tasks/main.yml
+++ b/jenkins/tasks/main.yml
@@ -28,7 +28,7 @@
 - name: Add jenkins APT repository
 apt_repository:
- repo: deb http://pkg.jenkins-ci.org/debian-stable binary/
+ repo: deb [signed-by={{ apt_keyring_dir }}/jenkins.asc] http://pkg.jenkins-ci.org/debian-stable binary/
 filename: jenkins
 update_cache: yes
diff --git a/kibana/tasks/main.yml b/kibana/tasks/main.yml
index 1978e90e..5e9b0016 100644
--- a/kibana/tasks/main.yml
+++ b/kibana/tasks/main.yml
@@ -40,7 +40,7 @@
 - name: Elastic sources list is available
 apt_repository:
- repo: "deb https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
+ repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
 filename: elastic
 state: present
 update_cache: yes
diff --git a/logstash/tasks/main.yml b/logstash/tasks/main.yml
index ccb2a1bc..9ead6db2 100644
--- a/logstash/tasks/main.yml
+++ b/logstash/tasks/main.yml
@@ -40,7 +40,7 @@
 - name: Elastic sources list is available
 apt_repository:
- repo: "deb https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
+ repo: "deb [signed-by={{ apt_keyring_dir }}/.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
 filename: elastic
 state: present
 update_cache: yes
diff --git a/lxc-php/tasks/php80.yml b/lxc-php/tasks/php80.yml
index a6539bff..b0ff90fe 100644
--- a/lxc-php/tasks/php80.yml
+++ b/lxc-php/tasks/php80.yml
@@ -19,8 +19,8 @@
 create: yes
 mode: "0644"
 loop:
- - "deb https://packages.sury.org/php/ bullseye main"
- - "deb http://pub.evolix.net/ bullseye-php80/"
+ - "deb [signed-by={{ apt_keyring_dir }}/sury.gpg] https://packages.sury.org/php/ bullseye main"
+ - "deb [signed-by={{ apt_keyring_dir }}/reg.asc] http://pub.evolix.net/ bullseye-php80/"
 - name: copy pub.evolix.net GPG key
 copy:
diff --git a/lxc-php/tasks/php81.yml b/lxc-php/tasks/php81.yml
index 057f15fc..91dc38e1 100644
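Review bot: The new `repo:` value in jenkins/tasks/main.yml is an unquoted plain scalar that now contains `[ ]` and a `{{ … }}` expression, whereas every other role touched by this commit quotes its `repo:` string. It parses today because the value starts with `deb`, but quoting removes the dependency on that and matches the rest of the change: `repo: "deb [signed-by={{ apt_keyring_dir }}/jenkins.asc] http://pkg.jenkins-ci.org/debian-stable binary/"`. The task begins and ends outside the hunk.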
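Review bot: The added `repo:` line in logstash/tasks/main.yml points `signed-by` at `{{ apt_keyring_dir }}/.asc`, with no key name before the extension. The elasticsearch, filebeat, kibana and metricbeat hunks for the same Elastic repository use `elastic.asc`. APT will look for a key file that is presumably never installed and treat the source as unverifiable, so `update_cache` on this task is likely to fail. The option should read `[signed-by={{ apt_keyring_dir }}/elastic.asc]`.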
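Review bot: The two `signed-by` paths added to the `loop:` items in lxc-php/tasks/php80.yml are built from `apt_keyring_dir`, but these lines look like they are written into a container's sources list (release hard-coded to bullseye), so the path must exist inside the container's root filesystem and not only on the host. The task that consumes the loop starts above the hunk. The `copy pub.evolix.net GPG key` task that follows, and whatever installs `sury.gpg`, have their destinations outside it, so confirm both land under the same directory in the container before `apt update` runs there. The php81.yml hunk has the same pattern. A comment above the loop would record the dependency: `# signed-by paths are resolved inside the container; the key files must be copied to the same directory there`.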
--- a/lxc-php/tasks/php81.yml
+++ b/lxc-php/tasks/php81.yml
@@ -19,8 +19,8 @@
 create: yes
 mode: "0644"
 loop:
- - "deb https://packages.sury.org/php/ bullseye main"
- - "deb http://pub.evolix.net/ bullseye-php81/"
+ - "deb [signed-by={{ apt_keyring_dir }}/sury.gpg] https://packages.sury.org/php/ bullseye main"
+ - "deb [signed-by={{ apt_keyring_dir }}/reg.asc] http://pub.evolix.net/ bullseye-php81/"
 - name: copy pub.evolix.net GPG key
 copy:
diff --git a/metricbeat/tasks/main.yml b/metricbeat/tasks/main.yml
index 9f432ffe..021b4ae2 100644
--- a/metricbeat/tasks/main.yml
+++ b/metricbeat/tasks/main.yml
@@ -40,7 +40,7 @@
 - name: Elastic sources list is available
 apt_repository:
- repo: "deb https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
+ repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
 filename: elastic
 state: present
 update_cache: yes
diff --git a/mongodb/tasks/main_bullseye.yml b/mongodb/tasks/main_bullseye.yml
index 2a9a1c3a..4c654ae6 100644
--- a/mongodb/tasks/main_bullseye.yml
+++ b/mongodb/tasks/main_bullseye.yml
@@ -29,7 +29,7 @@
 - name: enable APT sources list
 apt_repository:
- repo: "deb http://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{mongodb_version}} main"
+ repo: "deb [signed-by={{ apt_keyring_dir }}/mongodb-server-{{mongodb_version}}.asc] http://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{mongodb_version}} main"
 state: present
 filename: "mongodb-org-{{mongodb_version}}"
 update_cache: yes
diff --git a/mongodb/tasks/main_buster.yml b/mongodb/tasks/main_buster.yml
index 8de5e447..d2d96a3f 100644
--- a/mongodb/tasks/main_buster.yml
+++ b/mongodb/tasks/main_buster.yml
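Review bot: The key file name in the new `signed-by` of mongodb/tasks/main_bullseye.yml is derived from `mongodb_version`, so each supported version needs a matching `mongodb-server-<version>.asc` in place before this task runs with `update_cache: yes`. The task that installs the key is outside the hunk, so confirm it builds the file name the same way. The main_buster.yml hunk has the same dependency. As a style point, this hunk keeps `{{mongodb_version}}` while the buster hunk switches to `{{ mongodb_version }}`; using the spaced form in both files keeps the two task files comparable.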
@@ -23,7 +23,7 @@
 - name: enable APT sources list
 apt_repository:
- repo: "deb http://repo.mongodb.org/apt/debian buster/mongodb-org/{{mongodb_version}} main"
+ repo: "deb [signed-by={{ apt_keyring_dir }}/mongodb-server-{{ mongodb_version }}.asc] http://repo.mongodb.org/apt/debian buster/mongodb-org/{{ mongodb_version }} main"
 state: present
 filename: "mongodb-org-{{mongodb_version}}"
 update_cache: yes
diff --git a/newrelic/tasks/sources.yml b/newrelic/tasks/sources.yml
index bd674f11..ad3545ae 100644
--- a/newrelic/tasks/sources.yml
+++ b/newrelic/tasks/sources.yml
@@ -23,7 +23,7 @@
 - name: Install NewRelic repository
 apt_repository:
- repo: "deb http://apt.newrelic.com/debian/ newrelic non-free"
+ repo: "deb [signed-by={{ apt_keyring_dir }}/newrelic.asc] http://apt.newrelic.com/debian/ newrelic non-free"
 state: present
 filename: newrelic
 update_cache: yes
diff --git a/nodejs/tasks/main.yml b/nodejs/tasks/main.yml
index d127f44f..cdd733f2 100644
--- a/nodejs/tasks/main.yml
+++ b/nodejs/tasks/main.yml
@@ -43,7 +43,7 @@
 - name: NodeJS sources list ({{ nodejs_apt_version }}) is available
 apt_repository:
- repo: "deb https://deb.nodesource.com/{{ nodejs_apt_version }} {{ ansible_distribution_release }} main"
+ repo: "deb [signed-by={{ apt_keyring_dir }}/nodesource.asc] https://deb.nodesource.com/{{ nodejs_apt_version }} {{ ansible_distribution_release }} main"
 filename: nodesource
 update_cache: yes
 state: present
diff --git a/nodejs/tasks/yarn.yml b/nodejs/tasks/yarn.yml
index 6e38f019..f4f2dc37 100644
--- a/nodejs/tasks/yarn.yml
+++ b/nodejs/tasks/yarn.yml
@@ -37,7 +37,7 @@
 - name: Yarn sources list is available
 apt_repository:
- repo: "deb https://dl.yarnpkg.com/debian/ stable main"
+ repo: "deb [signed-by={{ apt_keyring_dir }}/yarn.asc] https://dl.yarnpkg.com/debian/ stable main"
 filename: yarn
 update_cache: yes
 state: present
diff --git a/php/tasks/sury_pre.yml b/php/tasks/sury_pre.yml
index b528268a..eca1d4d6 100644
--- a/php/tasks/sury_pre.yml
+++ b/php/tasks/sury_pre.yml
@@ -20,7 +20,7 @@
 - name: Setup deb.sury.org repository - Add source list
 apt_repository:
- repo: "deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main"
+ repo: "deb [signed-by={{ apt_keyring_dir }}/sury.gpg] https://packages.sury.org/php/ {{ ansible_distribution_release }} main"
 filename: sury
 state: present
diff --git a/postgresql/tasks/pgdg-repo.yml b/postgresql/tasks/pgdg-repo.yml
index b6315f37..69374502 100644
--- a/postgresql/tasks/pgdg-repo.yml
+++ b/postgresql/tasks/pgdg-repo.yml
@@ -31,7 +31,7 @@
 - name: Add PGDG repository
 apt_repository:
- repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ansible_distribution_release}}-pgdg main"
+ repo: "deb [signed-by={{ apt_keyring_dir }}/postgresql.asc] http://apt.postgresql.org/pub/repos/apt/ {{ansible_distribution_release}}-pgdg main"
 update_cache: yes
 - name: Add APT preference file