diff --git a/REFERENCE.md b/REFERENCE.md
index a724c27..47faabe 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -34,6 +34,7 @@ The following parameters are available in the `elastic_stack::repo` class:
 * [`base_repo_url`](#-elastic_stack--repo--base_repo_url)
 * [`gpg_key_source`](#-elastic_stack--repo--gpg_key_source)
 * [`apt_keyring_name`](#-elastic_stack--repo--apt_keyring_name)
+* [`gpg_key_path`](#-elastic_stack--repo--gpg_key_path)
 
 ##### <a name="-elastic_stack--repo--oss"></a>`oss`
 
@@ -101,3 +102,11 @@ Use `.asc` if the key is armored and `.gpg` if it's unarmored
 
 Default value: `'elastic-keyring.asc'`
 
+##### <a name="-elastic_stack--repo--gpg_key_path"></a>`gpg_key_path`
+
+Data type: `Stdlib::Absolutepath`
+
+The path where the GPG key should be stored (APT only)
+
+Default value: `'/usr/share/keyrings'`
+
diff --git a/manifests/repo.pp b/manifests/repo.pp
index ddaa31f..57bd922 100644
--- a/manifests/repo.pp
+++ b/manifests/repo.pp
@@ -14,16 +14,18 @@
 # @param gpg_key_source The gpg key for the repo
 # @param apt_keyring_name The keyring filename to create (APT only)
 #   The filename extention is important here.
-#   Use `.asc` if the key is armored and `.gpg` if it's unarmored  
+#   Use `.asc` if the key is armored and `.gpg` if it's unarmored
+# @param gpg_key_path The path where the GPG key should be stored (APT only)
 class elastic_stack::repo (
-  Boolean            $oss                       = false,
-  Boolean            $prerelease                = false,
-  Optional[Integer]  $priority                  = undef,
-  String             $proxy                     = 'absent',
-  Integer            $version                   = 7,
-  Stdlib::Filesource $gpg_key_source            = 'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
-  String[1]          $apt_keyring_name          = 'elastic-keyring.asc',
-  Optional[String]  $base_repo_url             = undef,
+  Boolean              $oss                       = false,
+  Boolean              $prerelease                = false,
+  Optional[Integer]    $priority                  = undef,
+  String               $proxy                     = 'absent',
+  Integer              $version                   = 7,
+  Stdlib::Filesource   $gpg_key_source            = 'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
+  String[1]            $apt_keyring_name          = 'elastic-keyring.asc',
+  Stdlib::Absolutepath $gpg_key_path              = '/usr/share/keyrings',
+  Optional[String]     $base_repo_url             = undef,
 ) {
   if $prerelease {
     $version_suffix = '.x-prerelease'
@@ -72,16 +74,20 @@
     'Debian': {
       include apt
 
+      apt::keyring { $apt_keyring_name:
+        ensure => present,
+        source => $gpg_key_source,
+        dir    => $gpg_key_path,
+      }
+
       apt::source { 'elastic':
         comment  => $description,
         location => $base_url,
         release  => 'stable',
         repos    => 'main',
-        key      => {
-          'name'   => $apt_keyring_name,
-          'source' => $gpg_key_source,
-        },
         pin      => $priority,
+        keyring  => "${gpg_key_path}/${apt_keyring_name}",
+        require  => Apt::Keyring[$apt_keyring_name],
       }
     }
     'RedHat', 'Linux': {
diff --git a/spec/classes/repo_spec.rb b/spec/classes/repo_spec.rb
index 3ab8c76..e59e9c3 100644
--- a/spec/classes/repo_spec.rb
+++ b/spec/classes/repo_spec.rb
@@ -38,8 +38,10 @@ def declare_zypper(version: '7.x', **params)
       case facts[:os]['family']
       when 'Debian'
         it { is_expected.to declare_apt }
+        it { is_expected.to contain_apt__keyring('elastic-keyring.asc') }
       when 'RedHat'
         it { is_expected.to declare_yum }
+        it { is_expected.to contain_exec('elastic_yumrepo_yum_clean') }
       when 'Suse'
         it { is_expected.to declare_zypper }
         it { is_expected.to contain_exec('elastic_suse_import_gpg').with(command: rpm_key_cmd) }