diff --git a/scripts/ansible b/scripts/ansible
index d1f049cd8..db5e13737 100755
--- a/scripts/ansible
+++ b/scripts/ansible
@@ -92,13 +92,18 @@ if [ ! -f /etc/debian_version ]; then    # e.g. RaspiOS, Ubuntu, Mint & Debian
     exit 1
 fi
 
-# JV just manually use the key from this repo 2021-04-22
-echo -e "\napt update; use local keys for PPA in /etc/apt/sources.list.d/iiab-ansible.list\n"
+# 2021-04-26: JV & @holta WIP. The apt-key command is dangerous and going away:
+# https://www.linuxuprising.com/2021/01/apt-key-is-deprecated-how-to-add.html
+# So we put .gpg key in repo iiab/iiab, also for reliable installs/containers.
+
+#echo -e "\napt update; install dirmngr; PPA to /etc/apt/sources.list.d/iiab-ansible.list\n"
 #$APT_PATH/apt update
 #$APT_PATH/apt -y install dirmngr
 
-echo "deb [signed-by=/opt/iiab/iiab/scripts/iiab-ansible.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu $CODENAME main" \
+#echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu $CODENAME main" \
+echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu $CODENAME main" \
      > /etc/apt/sources.list.d/iiab-ansible.list
+
 # In future we might instead consider 'add-apt-repository ppa:ansible/ansible'
 # or 'apt-add-repository ppa:ansible/bionic/ansible' etc, e.g. for streamlined
 # removal using 'apt-add-repository -r' -- however that currently requires
@@ -110,12 +115,15 @@ echo "deb [signed-by=/opt/iiab/iiab/scripts/iiab-ansible.gpg] http://ppa.launchp
 # problem).  This workaround installs 2.9.6-1ppa~disco onto RaspiOS, from
 # https://launchpad.net/~ansible/+archive/ubuntu/ansible
 #echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu disco main" \
-    #    > /etc/apt/sources.list.d/iiab-ansible.list
+#    > /etc/apt/sources.list.d/iiab-ansible.list
 
-# JV 2021-04-22
+# 2021-04-26: JV & @holta WIP: (see above)
 #echo -e '\nIF YOU FACE ERROR "signatures couldn'"'"'t be verified because the public key is not available" THEN REPEATEDLY RE-RUN "sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 93C4A3FD7BB9C367"\n'
 #apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 93C4A3FD7BB9C367
-echo -e 'PPA source "deb http://ppa.launchpad.net/ansible/ansible/ubuntu '$CODENAME' main"'
+cp /opt/iiab/iiab/scripts/iiab-ansible-keyring.gpg /usr/share/keyrings/iiab-ansible-keyring.gpg
+#chmod 644 /usr/share/keyrings/iiab-ansible-keyring.gpg
+
+echo -e 'PPA source "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu '$CODENAME' main"'
 echo -e "successfully saved to /etc/apt/sources.list.d/iiab-ansible.list\n"
 echo -e "IF *OTHER* ANSIBLE SOURCES APPEAR BELOW, PLEASE MANUALLY REMOVE THEM TO"
 echo -e 'ENSURE ANSIBLE UPDATES CLEANLY: (then re-run this script to be sure!)\n'
diff --git a/scripts/iiab-ansible.gpg b/scripts/iiab-ansible-keyring.gpg
similarity index 100%
rename from scripts/iiab-ansible.gpg
rename to scripts/iiab-ansible-keyring.gpg