Change requisite clausule.
Add check for existing key for idempotency.
diff --git a/linux/system/repo.sls b/linux/system/repo.sls
index 50ec3fe..5d4a567 100644
--- a/linux/system/repo.sls
+++ b/linux/system/repo.sls
@@ -142,7 +142,8 @@
 linux_repo_{{ name }}_key:
   cmd.run:
     - name: "echo '{{ repo.key }}' | apt-key add -"
-    - onchange:
+    - unless: "apt-key finger --with-colons | grep -qF $(echo '{{ repo-key }} | gpg --with-fingerprint --with-colons | grep -E '^fpr')"
+    - require_in:
       - pkgrepo: linux_repo_{{ name }}
 
 {%- elif repo.key_url|default(False) %}
@@ -150,7 +151,8 @@
 linux_repo_{{ name }}_key:
   cmd.run:
     - name: "curl -s {{ repo.key_url }} | apt-key add -"
-    - onchange:
+    - unless: "apt-key finger --with-colons | grep -qF $(curl -s {{ repo.key_url }} | gpg --with-fingerprint --with-colons | grep -E '^fpr')"
+    - require_in:
       - pkgrepo: linux_repo_{{ name }}
 
 {%- endif %}