diff --git a/roles/hetzner_storagebox/templates/authorized_keys.j2 b/roles/hetzner_storagebox/templates/authorized_keys.j2
index 45e8e4705fb219afc4f4843e2f771978e830c2f0..d742cd4cf283cdd75b398b9d4571bdeafd957bee 100644
--- a/roles/hetzner_storagebox/templates/authorized_keys.j2
+++ b/roles/hetzner_storagebox/templates/authorized_keys.j2
@@ -1,7 +1,14 @@
 #jinja2: lstrip_blocks: True
 # Arch DevOps keys
-{% for user in root_ssh_keys | sort(attribute='key') -%}
-	{{ lookup('file', '../pubkeys/' + user.key) }}
+{% for user in root_ssh_keys | sort(attribute="key") -%}
+	{% if user.hosts is not defined or inventory_hostname in user.hosts -%}
+		{{ lookup('file', role_path + '/../../pubkeys/' + user.key ) }}
+		{% if user.additional_keys is defined %}
+			{% for key in user.additional_keys | sort -%}
+				{{ lookup('file', role_path + '/../../pubkeys/' + key ) }}
+			{% endfor %}
+		{% endif %}
+	{% endif %}
 {% endfor %}
 
 # Client machines keys
diff --git a/roles/root_ssh/templates/authorized_keys.j2 b/roles/root_ssh/templates/authorized_keys.j2
index d513564c83732e64e4225cd1ab9a07e1e5c70648..624e9f53d608f7fe3809ea27dd55dfee457d3dc1 100644
--- a/roles/root_ssh/templates/authorized_keys.j2
+++ b/roles/root_ssh/templates/authorized_keys.j2
@@ -2,5 +2,10 @@
 {% for user in root_ssh_keys | sort(attribute="key") -%}
 	{% if user.hosts is not defined or inventory_hostname in user.hosts -%}
 		{{ lookup('file', role_path + '/../../pubkeys/' + user.key ) }}
+		{% if user.additional_keys is defined %}
+			{% for key in user.additional_keys | sort -%}
+				{{ lookup('file', role_path + '/../../pubkeys/' + key ) }}
+			{% endfor %}
+		{% endif %}
 	{% endif %}
 {% endfor %}
diff --git a/roles/rsync_net/templates/authorized_keys.j2 b/roles/rsync_net/templates/authorized_keys.j2
index 45e8e4705fb219afc4f4843e2f771978e830c2f0..d742cd4cf283cdd75b398b9d4571bdeafd957bee 100644
--- a/roles/rsync_net/templates/authorized_keys.j2
+++ b/roles/rsync_net/templates/authorized_keys.j2
@@ -1,7 +1,14 @@
 #jinja2: lstrip_blocks: True
 # Arch DevOps keys
-{% for user in root_ssh_keys | sort(attribute='key') -%}
-	{{ lookup('file', '../pubkeys/' + user.key) }}
+{% for user in root_ssh_keys | sort(attribute="key") -%}
+	{% if user.hosts is not defined or inventory_hostname in user.hosts -%}
+		{{ lookup('file', role_path + '/../../pubkeys/' + user.key ) }}
+		{% if user.additional_keys is defined %}
+			{% for key in user.additional_keys | sort -%}
+				{{ lookup('file', role_path + '/../../pubkeys/' + key ) }}
+			{% endfor %}
+		{% endif %}
+	{% endif %}
 {% endfor %}
 
 # Client machines keys