The puppet apt repository PGP key has expired some days ago
/etc/apt/trusted.gpg.d//puppetlabs-keyring.gpg
----------------------------------------------
pub 4096R/4BD6EC30 2010-07-10 [expired: 2016-07-08]
uid Puppet Labs Release Key (Puppet Labs Release Key)
Of course, it can be updated manually
apt-key adv --recv-keys --keyserver keys.gnupg.net 4BD6EC30
However, can it be updated via a Puppet run automatically (for example via the Puppet apt module)?
Best Answer
This is what we started using (thanks garthk):
More discussion in a ticket open for the apt module