diff --git a/debian-bullseye-build/Dockerfile b/debian-bullseye-build/Dockerfile
index b1e7cd57..4f09929b 100644
--- a/debian-bullseye-build/Dockerfile
+++ b/debian-bullseye-build/Dockerfile
@@ -64,10 +64,9 @@ RUN	apt-get update && \
 # Make respawn.sh part of this image, so it can be used by other images based on it
 COPY	.common/respawn.sh /usr/local/bin/respawn.sh
 
-COPY	.common/Release.key /tmp/Release.key
-RUN	apt-key add /tmp/Release.key && \
-	rm /tmp/Release.key && \
-	echo "deb " $OSMOCOM_REPO " ./" > /etc/apt/sources.list.d/osmocom-nightly.list
+COPY	.common/Release.key /usr/share/keyrings/osmocom-nightly.asc
+RUN	echo "deb [signed-by=/usr/share/keyrings/osmocom-nightly.asc] $OSMOCOM_REPO ./" \
+		> /etc/apt/sources.list.d/osmocom-nightly.list
 
 # Invalidate cache once the repository is updated
 ADD	$OSMOCOM_REPO/Release /tmp/Release
diff --git a/debian-bullseye-erlang/Dockerfile b/debian-bullseye-erlang/Dockerfile
index e7a584e9..9477ebc6 100644
--- a/debian-bullseye-erlang/Dockerfile
+++ b/debian-bullseye-erlang/Dockerfile
@@ -44,10 +44,9 @@ RUN	apt-get update && \
 RUN	apt-get update && apt-get install -y \
 		ca-certificates \
 		gnupg
-COPY	.common/Release.key /tmp/Release.key
-RUN	apt-key add /tmp/Release.key && \
-	rm /tmp/Release.key && \
-	echo "deb " $OSMOCOM_REPO " ./" > /etc/apt/sources.list.d/osmocom-latest.list
+COPY	.common/Release.key /usr/share/keyrings/osmocom-latest.asc
+RUN	echo "deb [signed-by=/usr/share/keyrings/osmocom-latest.asc] $OSMOCOM_REPO ./" \
+		> /etc/apt/sources.list.d/osmocom-latest.list
 ADD	$OSMOCOM_REPO/Release /tmp/Release
 
 # add a non-root user under which we will normaly execute build tests
diff --git a/debian-bullseye-jenkins/Dockerfile b/debian-bullseye-jenkins/Dockerfile
index 2ef9bba6..71ee08c3 100644
--- a/debian-bullseye-jenkins/Dockerfile
+++ b/debian-bullseye-jenkins/Dockerfile
@@ -161,10 +161,9 @@ ENV LANG en_US.UTF-8
 # * osmo-remsim: libulfius
 # * osmo-trx: liblimesuite-dev, libuhd-dev
 ARG	OSMOCOM_REPO="${OSMOCOM_REPO_MIRROR}/${OSMOCOM_REPO_PATH}/nightly/Debian_11/"
-COPY	.common/Release.key /tmp/Release.key
-RUN	apt-key add /tmp/Release.key && \
-	rm /tmp/Release.key && \
-	echo "deb " $OSMOCOM_REPO " ./" > /etc/apt/sources.list.d/osmocom-nightly.list
+COPY	.common/Release.key /usr/share/keyrings/osmocom-nightly.asc
+RUN	echo "deb [signed-by=/usr/share/keyrings/osmocom-nightly.asc] $OSMOCOM_REPO ./" \
+		> /etc/apt/sources.list.d/osmocom-nightly.list
 ADD	$OSMOCOM_REPO/Release /tmp/Release
 RUN	apt-get update && \
 	apt-get install -y --no-install-recommends \
diff --git a/debian-bullseye-obs-latest/Dockerfile b/debian-bullseye-obs-latest/Dockerfile
index 16320c04..3ab7e1a5 100644
--- a/debian-bullseye-obs-latest/Dockerfile
+++ b/debian-bullseye-obs-latest/Dockerfile
@@ -15,10 +15,9 @@ RUN	apt-get update && \
 		&& \
 	apt-get clean
 
-COPY	.common/Release.key /tmp/Release.key
-RUN	apt-key add /tmp/Release.key && \
-	rm /tmp/Release.key && \
-	echo "deb " $OSMOCOM_REPO " ./" > /etc/apt/sources.list.d/osmocom-latest.list
+COPY	.common/Release.key /usr/share/keyrings/osmocom-latest.asc
+RUN	echo "deb [signed-by=/usr/share/keyrings/osmocom-latest.asc] $OSMOCOM_REPO ./" \
+		> /etc/apt/sources.list.d/osmocom-latest.list
 
 # Make respawn.sh part of this image, so it can be used by other images based on it
 COPY	.common/respawn.sh /usr/local/bin/respawn.sh
diff --git a/debian-bullseye-titan/Dockerfile b/debian-bullseye-titan/Dockerfile
index 49650a0f..c9f53926 100644
--- a/debian-bullseye-titan/Dockerfile
+++ b/debian-bullseye-titan/Dockerfile
@@ -9,11 +9,9 @@ RUN	apt-get update && apt-get install -y \
 		ca-certificates \
 		gnupg
 
-COPY	.common/Release.key /tmp/Release.key
-
-RUN	apt-key add /tmp/Release.key && \
-	rm /tmp/Release.key && \
-	echo "deb " $OSMOCOM_REPO " ./" > /etc/apt/sources.list.d/osmocom-latest.list
+COPY	.common/Release.key /usr/share/keyrings/osmocom-latest.asc
+RUN	echo "deb [signed-by=/usr/share/keyrings/osmocom-latest.asc] $OSMOCOM_REPO ./" \
+		> /etc/apt/sources.list.d/osmocom-latest.list
 
 ADD	$OSMOCOM_REPO/Release /tmp/Release
 RUN	apt-get update && \
diff --git a/open5gs-latest/Dockerfile b/open5gs-latest/Dockerfile
index 519701ca..683f7c78 100644
--- a/open5gs-latest/Dockerfile
+++ b/open5gs-latest/Dockerfile
@@ -1,20 +1,25 @@
 ARG	REGISTRY=docker.io
 FROM	${REGISTRY}/debian:bullseye
+ARG	OPEN5GS_REPO_HOST="https://download.opensuse.org"
+ARG	OPEN5GS_REPO_PATH="repositories/home:/acetcom:/open5gs:"
+ARG	OPEN5GS_REPO="${OPEN5GS_REPO_HOST}/${OPEN5GS_REPO_PATH}/latest/Debian_11"
+ARG	OPEN5GS_KEY=/usr/share/keyrings/open5gs-latest.asc
+ARG	MONGODB_KEY=/usr/share/keyrings/mongodb-org.asc
 
 
 RUN	apt-get update && \
 	apt-get install -y --no-install-recommends \
 		ca-certificates \
-		gnupg
+		gnupg \
+		wget
 
-ADD	https://download.opensuse.org/repositories/home:/acetcom:/open5gs:/latest/Debian_11/Release.key /tmp/Release.key
-ADD	https://pgp.mongodb.com/server-5.0.asc /tmp/server-5.0.asc
-
-RUN	echo "deb http://download.opensuse.org/repositories/home:/acetcom:/open5gs:/latest/Debian_11/ ./" \
+RUN	echo "deb [signed-by=$OPEN5GS_KEY] $OPEN5GS_REPO/ ./" \
 		> /etc/apt/sources.list.d/open5gs.list
-RUN	echo "deb http://repo.mongodb.org/apt/debian bullseye/mongodb-org/5.0 main" \
+RUN	echo "deb [signed-by=$MONGODB_KEY] http://repo.mongodb.org/apt/debian bullseye/mongodb-org/5.0 main" \
 		> /etc/apt/sources.list.d/mongodb-org.list
-RUN	apt-key add /tmp/Release.key && apt-key add /tmp/server-5.0.asc
+
+RUN	wget "$OPEN5GS_REPO/Release.key" -O "$OPEN5GS_KEY" && \
+	wget "https://pgp.mongodb.com/server-5.0.asc" -O "$MONGODB_KEY"
 
 RUN	apt-get update && \
 	apt-get install -y \