diff --git a/roles/core/salt/files/SALT-PROJECT-GPG-PUBKEY-2023.gpg b/roles/core/salt/files/SALT-PROJECT-GPG-PUBKEY-2023.gpg
new file mode 100644
index 0000000..cf48f60
Binary files /dev/null and b/roles/core/salt/files/SALT-PROJECT-GPG-PUBKEY-2023.gpg differ
diff --git a/roles/core/salt/files/salt.list b/roles/core/salt/files/salt.list
new file mode 100644
index 0000000..f6a5035
--- /dev/null
+++ b/roles/core/salt/files/salt.list
@@ -0,0 +1,16 @@
+#   -------------------------------------------------------------
+#   Salt configuration
+#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+#   Project:        Nasqueron
+#   License:        Trivial work, not eligible to copyright
+#   Source file:    roles/core/salt/files/salt.list
+#   -------------------------------------------------------------
+#
+#   <auto-generated>
+#       This file is managed by our rOPS SaltStack repository.
+#
+#       Changes to this file may cause incorrect behavior
+#       and will be lost if the state is redeployed.
+#   </auto-generated>
+
+deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg arch=amd64] https://repo.saltproject.io/salt/py3/debian/12/amd64/latest bookworm main
diff --git a/roles/core/salt/init.sls b/roles/core/salt/init.sls
index 5215317..3d13089 100644
--- a/roles/core/salt/init.sls
+++ b/roles/core/salt/init.sls
@@ -1,46 +1,58 @@
 #   -------------------------------------------------------------
 #   Salt — Salt configuration
 #   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 #   Project:        Nasqueron
 #   Created:        2017-06-12
 #   License:        Trivial work, not eligible to copyright
 #   -------------------------------------------------------------
 
 {% from "map.jinja" import dirs with context %}
 {% from "roles/core/certificates/map.jinja" import certificates with context %}
 
 salt_roles:
   grains.list_present:
     - name: roles
     - value: {{ salt['node.get_list']("roles") }}
 
 #   -------------------------------------------------------------
 #   Repository
 #   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 
 {% if grains['os_family'] == 'RedHat' %}
 /etc/yum.repos.d/salt.repo:
   file.managed:
     - source: salt://roles/core/salt/files/salt.repo
 {% endif %}
 
+{% if grains['os_family'] == 'Debian' %}
+/etc/apt/keyrings/salt-archive-keyring-2023.gpg:
+  file.managed:
+    - source: salt://roles/core/salt/files/SALT-PROJECT-GPG-PUBKEY-2023.gpg
+    - makedirs: True
+
+/etc/apt/sources.list.d/salt.list:
+  file.managed:
+    - source: salt://roles/core/salt/files/salt.list
+    - makedirs: True
+{% endif %}
+
 #   -------------------------------------------------------------
 #   Service
 #   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 
 {% if grains['os'] == 'FreeBSD' %}
 /etc/rc.conf.d/salt_minion:
   file.managed:
     - source: salt://roles/core/salt/files/rc.conf
 {% endif %}
 
 #   -------------------------------------------------------------
 #   Vault
 #   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 
 {{ dirs.etc }}/salt/minion.d/vault.conf:
   file.managed:
     - source: salt://roles/core/salt/files/vault.conf
     - template: jinja
     - context:
         certificate: {{ certificates.dir }}/nasqueron-vault-ca.crt