ansible-role-grsecurity

changed_when expression for --recv-key imports misses new subkeys, revocations, signatures, etc.

Open psivesely opened this issue 8 years ago • 1 comments

When using `changed_when:` in combination with `command: gpg --recv-key ...` you are only considering a change to have happened when the key is imported for the first time. This ignores the creation and revocation of subkeys or the key itself, new signatures, etc. A more comprehensive `changed_when` will probably require a bit of tinkering to figure out, but will make for a more polished playbook. Nice too would be to print this info out during execution, perhaps using the debug module.

psivesely avatar Apr 05 '16 22:04 psivesely

The ideal solution would handle GPG key management in a generalized sense. Unfortunately Ansible doesn't offer a module for gpg keys (as of v2.0.2). The best community module I've found is this one, but I haven't tested whether it addresses the concerns you raise here.

conorsch avatar Apr 22 '16 17:04 conorsch
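
Added example (not part of the thread and not the role's own code): one way to build the broader `changed_when` the issue asks for is to read gpg's machine-readable status lines instead of its human-readable messages. The variable `grsec_key_fingerprint` and the task names are hypothetical; the `IMPORT_OK` reason flags are the ones listed in GnuPG's `doc/DETAILS`.

```yaml
# Added example. grsec_key_fingerprint is a hypothetical variable holding
# the full fingerprint of the key the playbook expects to fetch.
- name: Fetch or refresh the signing key
  command: >
    gpg --batch --status-fd 1
    --recv-key "{{ grsec_key_fingerprint }}"
  register: gpg_recv
  # --status-fd 1 puts "[GNUPG:] ..." status lines on stdout.
  # "IMPORT_OK <reason> <fingerprint>" carries ORed reason flags:
  #   0 = not changed, 1 = entirely new key, 2 = new user IDs,
  #   4 = new signatures, 8 = new subkeys.
  # Any nonzero reason means gpg merged something into the keyring,
  # not only that the key was seen for the first time.
  changed_when: >-
    gpg_recv.stdout_lines
    | select('search', ' IMPORT_OK [1-9]')
    | list | length > 0

- name: Show what the import changed
  debug:
    # IMPORT_RES is the summary line; its counters include new user IDs,
    # subkeys, signatures and revocations.
    msg: "{{ gpg_recv.stdout_lines | select('search', 'IMPORT_') | list }}"
```

Pinning the full fingerprint rather than a short key ID keeps the task from reporting a change for a different key that happens to share the ID.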