diff --git a/roles/apt_repository/tasks/main.yml b/roles/apt_repository/tasks/main.yml
index 16bdd4a..153ee63 100644
--- a/roles/apt_repository/tasks/main.yml
+++ b/roles/apt_repository/tasks/main.yml
@@ -17,11 +17,12 @@
     repo_options: "{{ repo_options + ['arch=' + repo_arch] }}"
   when: repo_arch | length > 0
 
-- name: Esnure /etc/apt/keyrings exists
+- name: Ensure /etc/apt/keyrings exists
   ansible.builtin.file:
     path: /etc/apt/keyrings
     state: directory
     mode: "0755"
+  register: keyrings_exists
 
 - name: Remove legacy repo {{ repo_name }}
   ansible.builtin.apt_repository:
@@ -30,16 +31,23 @@
     filename: "{{ repo_name }}"
     state: absent
 
+- name: Set repo key dest variable
+  ansible.builtin.set_fact:
+    repo_key_dest: "/etc/apt/keyrings/{{ repo_name }}.asc"
+
 - name: Get repo signing key
   ansible.builtin.get_url:
     url: "{{ repo_key_url }}"
-    dest: "{{ '/etc/apt/keyrings/' + repo_name + '.asc' if not ansible_check_mode else '/dev/null' }}"
+    dest: "{{ repo_key_dest if not (keyrings_exists.changed and ansible_check_mode) else '/dev/null' }}"
     mode: "0644"
   register: repo_key
+  changed_when:
+    - not ansible_check_mode
+    - repo_key.changed
 
 - name: Add signed-by to repo_options
   ansible.builtin.set_fact:
-    repo_options: "{{ repo_options + ['signed-by=' + repo_key.dest] }}"
+    repo_options: "{{ repo_options + ['signed-by=' + repo_key_dest] }}"
 
 - name: Add repo {{ repo_name }}
   ansible.builtin.apt_repository: