diff --git a/roles/archweb/defaults/main.yml b/roles/archweb/defaults/main.yml
index fdd476fea0a452d894b3d91f9a12a8fd5fe9dc28..34727cdcc46bbbf9047bec9f45506cc2be1a0e8d 100644
--- a/roles/archweb/defaults/main.yml
+++ b/roles/archweb/defaults/main.yml
@@ -3,5 +3,7 @@ archweb_dir: '/srv/http/archweb'
 archweb_domain: 'www.archlinux.org'
 archweb_site: true
 archweb_mirrorcheck: false
+archweb_pgp_import: false
+archweb_keyring: '/etc/pacman.d/gnupg/pubring.gpg'
 archweb_reporead: false
-archweb_services: false
\ No newline at end of file
+archweb_services: false
diff --git a/roles/archweb/tasks/main.yml b/roles/archweb/tasks/main.yml
index e667c7616bdeaa64969153535064dd3cf493b71a..f380664c87eb41752c78e20de0331f44270240b9 100644
--- a/roles/archweb/tasks/main.yml
+++ b/roles/archweb/tasks/main.yml
@@ -59,6 +59,20 @@
     - daemon reload
   when: archweb_services or archweb_mirrorcheck
 
+- name: install pgp_import service
+  template: src="archweb-pgp_import.service.j2" dest="/etc/systemd/system/archweb-pgp_import.service" owner=root group=root mode=0644
+  notify:
+    - daemon reload
+  when: archweb_services or archweb_pgp_import
+
+- name: create pacman.d hooks dir
+  file: state=directory owner=root group=root path="/etc/pacman.d/hooks"
+  when: archweb_services or archweb_pgp_import
+
+- name: install pgp_import hook
+  template: src="archweb-pgp_import-pacman-hook.j2" dest="/etc/pacman.d/hooks/archweb-pgp_import.hook" owner=root group=root mode=0644
+  when: archweb_services or archweb_pgp_import
+
 - name: install archweb memcached service
   template: src="archweb-memcached.service.j2" dest="/etc/systemd/system/archweb-memcached.service" owner=root group=root mode=0644
   notify:
diff --git a/roles/archweb/templates/archweb-pgp_import-pacman-hook.j2 b/roles/archweb/templates/archweb-pgp_import-pacman-hook.j2
new file mode 100644
index 0000000000000000000000000000000000000000..02a87ae3833d67190f7f247fc3c78d9d76c73e13
--- /dev/null
+++ b/roles/archweb/templates/archweb-pgp_import-pacman-hook.j2
@@ -0,0 +1,9 @@
+[Trigger]
+Operation = Install
+Operation = Upgrade
+Type = Package
+Target = archlinux-keyring
+
+[Action]
+When = PostTransaction
+Exec = /usr/bin/systemctl start archweb-pgp_import
diff --git a/roles/archweb/templates/archweb-pgp_import.service.j2 b/roles/archweb/templates/archweb-pgp_import.service.j2
new file mode 100644
index 0000000000000000000000000000000000000000..bfa2b64f66fed89c1599edc0bb3e37860e58554e
--- /dev/null
+++ b/roles/archweb/templates/archweb-pgp_import.service.j2
@@ -0,0 +1,11 @@
+[Unit]
+Description=archewb pgp_import
+
+[Service]
+Type=oneshot
+User=archweb
+WorkingDirectory={{ archweb_dir }}
+ExecStart={{ archweb_dir }}/env/bin/python manage.py pgp_import {{ archweb_keyring }}
+
+[Install]
+WantedBy=multi-user.target