diff --git a/.github/labeler.yml b/.github/labeler.yml
index 5c7cfcd..df903d6 100644
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -4,6 +4,12 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
+ssh_keys:
+ - changed-files:
+ - any-glob-to-any-file:
+ - "roles/ssh_keys/**"
+ - "molecule/ssh_keys/**"
+ - ".github/workflows/ssh_keys.yml"
 unattended_upgrades:
 - changed-files:
 - any-glob-to-any-file:
diff --git a/.github/workflows/ssh_keys.yml b/.github/workflows/ssh_keys.yml
new file mode 100644
index 0000000..02e0f44
--- /dev/null
+++ b/.github/workflows/ssh_keys.yml
@@ -0,0 +1,85 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+name: "hifis.ssh_keys"
+
+on:
+ pull_request:
+ paths:
+ - '.github/workflows/ssh_keys.yml'
+ - 'roles/ssh_keys/**'
+ - 'molecule/ssh_keys/**'
+ - 'Pipfile'
+ - 'Pipfile.lock'
+ push:
+ branches:
+ - "main"
+ tags:
+ - "v*.*.*"
+ paths:
+ - '.github/workflows/ssh_keys.yml'
+ - 'roles/ssh_keys/**'
+ - 'molecule/ssh_keys/**'
+ - 'Pipfile'
+ - 'Pipfile.lock'
+ schedule:
+ - cron: '0 0 * * *'
+
+jobs:
+
+ test:
+ name: "Run Molecule tests."
+ runs-on: "ubuntu-22.04"
+ env:
+ PY_COLORS: 1
+ ANSIBLE_FORCE_COLOR: 1
+ strategy:
+ fail-fast: false
+ matrix:
+ image:
+ - "ghcr.io/hifis-net/centos-systemd:7"
+ - "ghcr.io/hifis-net/almalinux-systemd:8"
+ - "ghcr.io/hifis-net/almalinux-systemd:9"
+ - "ghcr.io/hifis-net/ubuntu-systemd:18.04"
+ - "ghcr.io/hifis-net/ubuntu-systemd:20.04"
+ - "ghcr.io/hifis-net/ubuntu-systemd:22.04"
+ - "ghcr.io/hifis-net/debian-systemd:10"
+ - "ghcr.io/hifis-net/debian-systemd:11"
+
+ steps:
+ - name: "Check out the codebase."
+ uses: "actions/checkout@v4"
+ with:
+ path: "ansible_collections/hifis/toolkit"
+
+ - name: "Prepare the job environment."
+ uses: "./ansible_collections/hifis/toolkit/.github/workflows/prepare-action"
+
+ # https://github.com/ansible/molecule/issues/3806
+ - name: "Help molecule to find the dependencies"
+ run: |
+ mkdir -p /home/runner/.ansible
+ ln -s /home/runner/work/ansible-collection-toolkit/ansible-collection-toolkit/ansible_collections/hifis/toolkit/roles \
+ /home/runner/.ansible/roles
+
+ - name: "Install modern podman"
+ run: |
+ sudo mkdir -p /etc/apt/keyrings
+ curl -fsSL https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_$(lsb_release -rs)/Release.key \
+ | gpg --dearmor \
+ | sudo tee /etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg > /dev/null
+ echo \
+ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg]\
+ https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_$(lsb_release -rs)/ /" \
+ | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list > /dev/null
+ sudo apt-get update -qq
+ sudo apt-get -qq -y install podman
+
+ - name: "Run Molecule tests."
+ run: "pipenv run molecule test -s ssh_keys"
+ env:
+ MOLECULE_IMAGE: "${{ matrix.image }}"
+ working-directory: "ansible_collections/hifis/toolkit"
diff --git a/README.md b/README.md
index 0a225b7..304ed79 100644
--- a/README.md
+++ b/README.md
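Review bot: The workflow declares no `permissions:` block, so every run (including the nightly `schedule` trigger) receives the repository's default GITHUB_TOKEN scope, which may be read/write, while it checks out code and executes third-party tooling; nothing in the visible steps needs more than read access. Add at the top level, next to `on:`, `permissions:` / `  contents: read`. The "Install modern podman" step also trusts whatever signing key the `devel:kubic:libcontainers:unstable` OBS repository serves at fetch time; checking the expected fingerprint after `gpg --dearmor` (or using the stable channel) would make that trust decision explicit. The hard-coded `/home/runner/work/ansible-collection-toolkit/ansible-collection-toolkit` path in the symlink step breaks on a fork with a different repository name; `${{ github.workspace }}` names the same directory portably.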
@@ -10,6 +10,7 @@ SPDX-License-Identifier: Apache-2.0 [![Latest release](https://img.shields.io/github/v/release/hifis-net/ansible-collection-toolkit)](https://github.com/hifis-net/ansible-collection-toolkit/releases) [![hifis.unattended_upgrades](https://github.com/hifis-net/ansible-collection-toolkit/actions/workflows/unattended_upgrades.yml/badge.svg)](https://github.com/hifis-net/ansible-collection-toolkit/actions/workflows/unattended_upgrades.yml) [![hifis.zammad](https://github.com/hifis-net/ansible-collection-toolkit/actions/workflows/zammad.yml/badge.svg)](https://github.com/hifis-net/ansible-collection-toolkit/actions/workflows/zammad.yml) +[![DOI](https://zenodo.org/badge/495697576.svg)](https://zenodo.org/doi/10.5281/zenodo.11147483) ## Description @@ -28,7 +29,7 @@ software engineers, but not exclusively. The following use cases are supported: * OS-related: * [**unattended-upgrades**](roles/unattended_upgrades) * [netplan](https://github.com/hifis-net/ansible-role-gitlab-netplan) (coming soon!) - * managing and distributing authorized [SSH keys](https://github.com/hifis-net/ansible-role-ssh-keys) (coming soon!) + * distribute authorized [**SSH keys**](role/ssh_keys) to users ## Minimum required Ansible-version diff --git a/UNATTENDED_UPGRADES_CHANGELOG.md b/UNATTENDED_UPGRADES_CHANGELOG.md index fcb65b5..44ffc77 100644 --- a/UNATTENDED_UPGRADES_CHANGELOG.md +++ b/UNATTENDED_UPGRADES_CHANGELOG.md @@ -1,3 +1,10 @@ + + # Changelog ## [v3.3.0](https://github.com/hifis-net/ansible-collection-toolkit/tree/v3.3.0) (2024-03-01) diff --git a/UNATTENDED_UPGRADES_CHANGELOG.md.license b/UNATTENDED_UPGRADES_CHANGELOG.md.license deleted file mode 100644 index 565650c..0000000 --- a/UNATTENDED_UPGRADES_CHANGELOG.md.license +++ /dev/null @@ -1,4 +0,0 @@ -SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ) -SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR) - -SPDX-License-Identifier: Apache-2.0 
diff --git a/molecule/ssh_keys/converge.yml b/molecule/ssh_keys/converge.yml
new file mode 100644
index 0000000..30a26dd
--- /dev/null
+++ b/molecule/ssh_keys/converge.yml
@@ -0,0 +1,22 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+- name: "Converge"
+ hosts: "all"
+ vars:
+ ssh_user_list:
+ - name: "dummyuser"
+ authorized_keys:
+ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJi3wBlOT+oR8Rd+YQsV8tUoQOd3NSUuyzJYQp8finD6 john@example.com"
+ create_user_account: true
+ - name: "root"
+ authorized_keys:
+ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJi3wBlOT+oR8Rd+YQsV8tUoQOd3NSUuyzJYQp8finD6 john@example.com"
+ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDXkvy8jMmw45grnmYK+Ylk/mcc7IyG9taNseNiVrGjR8KRHVJpzEntW1g6SAomIGIpBLvviiyhal4E1v1bhpv2JopbiM3JDOck6gwc4AfpanjuZFPuq6stq5pF7bb2C+zliw16zTFL7bp09tD7nNs30GlchB5DU2sSn1zq4iC+eQ== john@example.com" # noqa 204
+ tasks:
+ - name: "Include ssh_keys role"
+ ansible.builtin.include_role:
+ name: "hifis.toolkit.ssh_keys"
diff --git a/molecule/ssh_keys/molecule.yml b/molecule/ssh_keys/molecule.yml
new file mode 100644
index 0000000..6ba5efd
--- /dev/null
+++ b/molecule/ssh_keys/molecule.yml
@@ -0,0 +1,24 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+dependency:
+ name: "galaxy"
+ options:
+ requirements-file: "molecule/ssh_keys/requirements.yml"
+driver:
+ name: "podman"
+platforms:
+ - name: "instance"
+ image: "${MOLECULE_IMAGE:-ghcr.io/hifis-net/ubuntu-systemd:22.04}"
+ pre_build_image: true
+ privileged: true
+ override_command: false
+ systemd: true
+ tty: true
+provisioner:
+ name: "ansible"
+verifier:
+ name: "ansible"
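Review bot: The converge play runs the role against images that carry no pre-existing authorized keys, so the role's default `ssh_authorized_keys_exclusive: true` path — the one that revokes keys absent from `ssh_user_list` — is never exercised by this scenario, and the accompanying verify play only asserts presence. Seed a stale key before `include_role` (an `ansible.posix.authorized_key` task for `root` with a throwaway `ssh-ed25519` key, or the same in a `prepare.yml`) and assert in verify that it is gone afterwards. Without that, a regression that silently drops `exclusive` would still pass CI on every image in the matrix.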
diff --git a/molecule/ssh_keys/requirements.yml b/molecule/ssh_keys/requirements.yml
new file mode 100644
index 0000000..63dc6f8
--- /dev/null
+++ b/molecule/ssh_keys/requirements.yml
@@ -0,0 +1,9 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+
+collections:
+ - name: "ansible.posix"
diff --git a/molecule/ssh_keys/verify.yml b/molecule/ssh_keys/verify.yml
new file mode 100644
index 0000000..1a9d3ee
--- /dev/null
+++ b/molecule/ssh_keys/verify.yml
@@ -0,0 +1,42 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+- name: "Verify"
+ hosts: "all"
+ tasks:
+ - name: "Ensure ssh dummy user is present"
+ ansible.builtin.user:
+ name: "dummyuser"
+ state: "present"
+ register: "dummyuser"
+ failed_when: "dummyuser.changed"
+
+ - name: "Ensure ssh key for newly created user is present"
+ ansible.builtin.lineinfile:
+ path: "/home/dummyuser/.ssh/authorized_keys"
+ regexp: '^{{ ssh_public_key }}(.*)$'
+ line: '{{ ssh_public_key }}\1'
+ state: "present"
+ backrefs: true
+ check_mode: true
+ register: "line_in_file"
+ failed_when: "(line_in_file.changed) or (line_in_file.failed)"
+ vars:
+ ssh_public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJi3wBlOT+oR8Rd+YQsV8tUoQOd3NSUuyzJYQp8finD6 john@example.com"
+
+ - name: "Ensure ssh key for existing user is present"
+ ansible.builtin.lineinfile:
+ path: "/root/.ssh/authorized_keys"
+ regexp: '^{{ item }}(.*)$'
+ line: '{{ item }}\1'
+ state: "present"
+ backrefs: true
+ check_mode: true
+ register: "line_in_file"
+ failed_when: "(line_in_file.changed) or (line_in_file.failed)"
+ loop:
+ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJi3wBlOT+oR8Rd+YQsV8tUoQOd3NSUuyzJYQp8finD6 john@example.com"
+ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDXkvy8jMmw45grnmYK+Ylk/mcc7IyG9taNseNiVrGjR8KRHVJpzEntW1g6SAomIGIpBLvviiyhal4E1v1bhpv2JopbiM3JDOck6gwc4AfpanjuZFPuq6stq5pF7bb2C+zliw16zTFL7bp09tD7nNs30GlchB5DU2sSn1zq4iC+eQ== john@example.com" # noqa 204
diff --git a/requirements.yml b/requirements.yml
index 1764797..4e5cf05 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -6,4 +6,5 @@
 ---
 collections:
+ - name: "ansible.posix"
 - name: "community.crypto"
diff --git a/roles/ssh_keys/CHANGELOG.md b/roles/ssh_keys/CHANGELOG.md
new file mode 100644
index 0000000..a31c695
--- /dev/null
+++ b/roles/ssh_keys/CHANGELOG.md
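Review bot: The two key-presence checks cannot fail when a key is missing: per lineinfile's documented `backrefs` semantics, a `regexp` that matches nothing leaves the file untouched, so `line_in_file.changed` stays false and the `failed_when` never triggers (only an absent `authorized_keys` file would fail the task). Dropping `regexp` and `backrefs` and asserting the exact line in check mode — `line: "{{ ssh_public_key }}"` in the dummyuser task and `line: "{{ item }}"` in the root task — makes a missing key report `changed: true` and fail as intended. If the regexp form is kept, interpolate the key with `{{ ssh_public_key | regex_escape }}`, since `+` and `.` inside the key material are regex metacharacters and the current pattern matches more than the literal key.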
@@ -0,0 +1,133 @@ + + +# Changelog + +## [Unreleased](https://github.com/hifis-net/ansible-role-ssh-keys/tree/HEAD) + +[Full Changelog](https://github.com/hifis-net/ansible-role-ssh-keys/compare/v1.4.0...HEAD) + +**Merged pull requests:** + +- Bump ansible-lint from 6.14.0 to 6.22.2 [\#101](https://github.com/hifis-net/ansible-role-ssh-keys/pull/101) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 6.5.0 to 8.7.0 [\#99](https://github.com/hifis-net/ansible-role-ssh-keys/pull/99) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump yamllint from 1.28.0 to 1.35.1 [\#98](https://github.com/hifis-net/ansible-role-ssh-keys/pull/98) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump reuse from 1.1.0 to 3.0.1 [\#97](https://github.com/hifis-net/ansible-role-ssh-keys/pull/97) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump molecule from 4.0.3 to 6.0.3 [\#96](https://github.com/hifis-net/ansible-role-ssh-keys/pull/96) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.9.0 to 6.14.0 [\#95](https://github.com/hifis-net/ansible-role-ssh-keys/pull/95) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump reuse from 1.0.0 to 1.1.0 [\#78](https://github.com/hifis-net/ansible-role-ssh-keys/pull/78) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.8.6 to 6.9.0 [\#77](https://github.com/hifis-net/ansible-role-ssh-keys/pull/77) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.8.4 to 6.8.6 [\#73](https://github.com/hifis-net/ansible-role-ssh-keys/pull/73) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.8.3 to 6.8.4 [\#71](https://github.com/hifis-net/ansible-role-ssh-keys/pull/71) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.8.2 to 6.8.3 [\#70](https://github.com/hifis-net/ansible-role-ssh-keys/pull/70) 
([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump molecule from 4.0.2 to 4.0.3 [\#69](https://github.com/hifis-net/ansible-role-ssh-keys/pull/69) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump molecule from 4.0.1 to 4.0.2 [\#67](https://github.com/hifis-net/ansible-role-ssh-keys/pull/67) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.8.0 to 6.8.2 [\#66](https://github.com/hifis-net/ansible-role-ssh-keys/pull/66) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 6.4.0 to 6.5.0 [\#65](https://github.com/hifis-net/ansible-role-ssh-keys/pull/65) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.5.2 to 6.8.0 [\#63](https://github.com/hifis-net/ansible-role-ssh-keys/pull/63) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump molecule-podman from 2.0.2 to 2.0.3 [\#62](https://github.com/hifis-net/ansible-role-ssh-keys/pull/62) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 6.3.0 to 6.4.0 [\#58](https://github.com/hifis-net/ansible-role-ssh-keys/pull/58) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump yamllint from 1.27.1 to 1.28.0 [\#57](https://github.com/hifis-net/ansible-role-ssh-keys/pull/57) ([dependabot[bot]](https://github.com/apps/dependabot)) + +## [v1.4.0](https://github.com/hifis-net/ansible-role-ssh-keys/tree/v1.4.0) (2022-09-05) + +[Full Changelog](https://github.com/hifis-net/ansible-role-ssh-keys/compare/v1.3.0...v1.4.0) + +**Implemented enhancements:** + +- Create users if the are not present [\#48](https://github.com/hifis-net/ansible-role-ssh-keys/issues/48) + +**Closed issues:** + +- Add a contribution guide [\#16](https://github.com/hifis-net/ansible-role-ssh-keys/issues/16) + +**Merged pull requests:** + +- Prepare release v1.4.0 [\#56](https://github.com/hifis-net/ansible-role-ssh-keys/pull/56) ([Normo](https://github.com/Normo)) +- Add contribution guide 
[\#55](https://github.com/hifis-net/ansible-role-ssh-keys/pull/55) ([Normo](https://github.com/Normo)) +- Bump ansible-lint from 6.4.0 to 6.5.2 [\#54](https://github.com/hifis-net/ansible-role-ssh-keys/pull/54) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Add CITATION.cff [\#53](https://github.com/hifis-net/ansible-role-ssh-keys/pull/53) ([Normo](https://github.com/Normo)) +- Bump ansible from 6.2.0 to 6.3.0 [\#51](https://github.com/hifis-net/ansible-role-ssh-keys/pull/51) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Ensure ssh users are present [\#49](https://github.com/hifis-net/ansible-role-ssh-keys/pull/49) ([Normo](https://github.com/Normo)) +- Bump ansible from 6.1.0 to 6.2.0 [\#47](https://github.com/hifis-net/ansible-role-ssh-keys/pull/47) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.3.0 to 6.4.0 [\#46](https://github.com/hifis-net/ansible-role-ssh-keys/pull/46) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Fix role badges [\#45](https://github.com/hifis-net/ansible-role-ssh-keys/pull/45) ([tobiashuste](https://github.com/tobiashuste)) + +## [v1.3.0](https://github.com/hifis-net/ansible-role-ssh-keys/tree/v1.3.0) (2022-07-27) + +[Full Changelog](https://github.com/hifis-net/ansible-role-ssh-keys/compare/v1.2.0...v1.3.0) + +**Implemented enhancements:** + +- Add support for Debian 11, AlmaLinux 9 and Ubuntu 22.04 [\#42](https://github.com/hifis-net/ansible-role-ssh-keys/issues/42) +- Use molecule-podman instead of molecule-docker [\#41](https://github.com/hifis-net/ansible-role-ssh-keys/issues/41) +- Replacement for Centos 8 [\#18](https://github.com/hifis-net/ansible-role-ssh-keys/issues/18) +- Add badges to README [\#13](https://github.com/hifis-net/ansible-role-ssh-keys/issues/13) +- Migrate changelog to github-changelog-generator [\#3](https://github.com/hifis-net/ansible-role-ssh-keys/issues/3) + +**Closed issues:** + +- Remove support for Debian 9 
[\#40](https://github.com/hifis-net/ansible-role-ssh-keys/issues/40) +- Rename project to ansible-role-ssh-keys [\#4](https://github.com/hifis-net/ansible-role-ssh-keys/issues/4) +- Rename default branch to 'main' [\#1](https://github.com/hifis-net/ansible-role-ssh-keys/issues/1) + +**Merged pull requests:** + +- Release version 1.3.0 [\#44](https://github.com/hifis-net/ansible-role-ssh-keys/pull/44) ([tobiashuste](https://github.com/tobiashuste)) +- Support Debian 11, AlmaLinux 9 and Ubuntu 22.04 [\#43](https://github.com/hifis-net/ansible-role-ssh-keys/pull/43) ([tobiashuste](https://github.com/tobiashuste)) +- Remove support for EOL Debian 9 [\#39](https://github.com/hifis-net/ansible-role-ssh-keys/pull/39) ([tobiashuste](https://github.com/tobiashuste)) +- Use molecule-podman instead of molecule-docker [\#38](https://github.com/hifis-net/ansible-role-ssh-keys/pull/38) ([tobiashuste](https://github.com/tobiashuste)) +- Bump molecule from 3.6.1 to 4.0.1 [\#37](https://github.com/hifis-net/ansible-role-ssh-keys/pull/37) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 5.7.1 to 6.1.0 [\#36](https://github.com/hifis-net/ansible-role-ssh-keys/pull/36) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump yamllint from 1.26.3 to 1.27.1 [\#35](https://github.com/hifis-net/ansible-role-ssh-keys/pull/35) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.2.1 to 6.3.0 [\#32](https://github.com/hifis-net/ansible-role-ssh-keys/pull/32) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump robertdebock/galaxy-action from 1.2.0 to 1.2.1 [\#29](https://github.com/hifis-net/ansible-role-ssh-keys/pull/29) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump reuse from 0.14.0 to 1.0.0 [\#28](https://github.com/hifis-net/ansible-role-ssh-keys/pull/28) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.1.0 to 6.2.1 
[\#26](https://github.com/hifis-net/ansible-role-ssh-keys/pull/26) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.0.2 to 6.1.0 [\#24](https://github.com/hifis-net/ansible-role-ssh-keys/pull/24) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 5.6.0 to 5.7.1 [\#23](https://github.com/hifis-net/ansible-role-ssh-keys/pull/23) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Add support for Rocky Linux 8 [\#21](https://github.com/hifis-net/ansible-role-ssh-keys/pull/21) ([tobiashuste](https://github.com/tobiashuste)) +- Update links in changelog [\#20](https://github.com/hifis-net/ansible-role-ssh-keys/pull/20) ([Normo](https://github.com/Normo)) +- Add github\_branch to role meta information [\#19](https://github.com/hifis-net/ansible-role-ssh-keys/pull/19) ([Normo](https://github.com/Normo)) +- Add badges to README [\#15](https://github.com/hifis-net/ansible-role-ssh-keys/pull/15) ([tobiashuste](https://github.com/tobiashuste)) +- Update Python dependencies and specify Python version explicitly [\#14](https://github.com/hifis-net/ansible-role-ssh-keys/pull/14) ([tobiashuste](https://github.com/tobiashuste)) +- Use the FQCN in the whole project [\#12](https://github.com/hifis-net/ansible-role-ssh-keys/pull/12) ([tobiashuste](https://github.com/tobiashuste)) +- Update Galaxy meta information file [\#11](https://github.com/hifis-net/ansible-role-ssh-keys/pull/11) ([tobiashuste](https://github.com/tobiashuste)) +- Migrate manual changelog to github-changelog-generator [\#10](https://github.com/hifis-net/ansible-role-ssh-keys/pull/10) ([Normo](https://github.com/Normo)) +- Implement GitHub actions workflows [\#2](https://github.com/hifis-net/ansible-role-ssh-keys/pull/2) ([Normo](https://github.com/Normo)) + +## [v1.2.0](https://github.com/hifis-net/ansible-role-ssh-keys/releases/tag/v1.2.0) - 2021-02-08 + +[List of 
commits](https://github.com/hifis-net/ansible-role-ssh-keys/compare/v1.1.0...v1.2.0) + +### Added + +- Automate role import into Ansible Galaxy via GitHub Actions + ([!7](https://gitlab.com/hifis/ansible/ssh-keys/-/merge_requests/7) + by [tobiashuste](https://gitlab.com/tobiashuste)). + +## [v1.1.0](https://github.com/hifis-net/ansible-role-ssh-keys/releases/tag/v1.1.0) - 2021-01-22 + +[List of commits](https://github.com/hifis-net/ansible-role-ssh-keys/compare/v1.0.0...v1.1.0) + +### Added +- Support Debian Buster/Strech and simplify the CI pipeline + ([!1](https://gitlab.com/hifis/ansible/ssh-keys/-/merge_requests/1) + by [tobiashuste](https://gitlab.com/tobiashuste)). + +### Changed +- Improve Ansible Galaxy tags + ([!2](https://gitlab.com/hifis/ansible/ssh-keys/-/merge_requests/2) + by [tobiashuste](https://gitlab.com/tobiashuste)). + +## [v1.0.0](https://github.com/hifis-net/ansible-role-ssh-keys/releases/tag/v1.0.0) - 2021-01-06 + +### Added +- Initial release of the Ansible SSH-Keys role + + +\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* diff --git a/roles/ssh_keys/README.md b/roles/ssh_keys/README.md new file mode 100644 index 0000000..f84ba40 --- /dev/null +++ b/roles/ssh_keys/README.md 
@@ -0,0 +1,70 @@ + + +# hifis.ssh_keys Ansible Role + +[![CI Status](https://github.com/hifis-net/ansible-collection-toolkit/actions/workflows/ssh_keys.yml/badge.svg)](https://github.com/hifis-net/ansible-collection-toolkit/actions/workflows/ssh_keys.yml) + +This Ansible role distributes authorized SSH public keys to users. + +Currently [supported platforms](meta/main.yml) are: + +- CentOS 7 +- AlmaLinux 8 +- AlmaLinux 9 +- Ubuntu 18.04 LTS +- Ubuntu 20.04 LTS +- Ubuntu 22.04 LTS +- Debian Buster +- Debian Bullseye + +## Requirements + +None. + +## Role Variables + +```yaml +ssh_user_list: + - name: jane + create_user_account: true + authorized_keys: + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJi3wBlOT+oR8Rd+YQsV8tUoQOd3NSUuyzJYQp8finD6 john@example.com + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDXkvy8jMmw45grnmYK+Ylk/mcc7IyG9taNseNiVrGjR8KRHVJpzEntW1g6SAomIGIpBLvviiyhal4E1v1bhpv2JopbiM3JDOck6gwc4AfpanjuZFPuq6stq5pF7bb2C+zliw16zTFL7bp09tD7nNs30GlchB5DU2sSn1zq4iC+eQ== john@example.com +``` + +In order to authorize SSH public keys you need to edit the variable +`ssh_user_list` and add a list entry containing the `name` of the user, a +list of `authorized_keys` and optionally the `create_user_account` flag if you +want the role to take care of creating the account. Each list entry corresponds +to one user account. + +```yaml +ssh_authorized_keys_exclusive: true +``` + +Whether to remove all other non-specified keys from the authorized_keys file. + +## Dependencies + +None. + +## Example Playbook + +```yaml + - hosts: servers + roles: + - role: hifis.toolkit.ssh_keys +``` + +## License + +[Apache-2.0](LICENSES/Apache-2.0.txt) + +## Author Information + +This role was created by [HIFIS Software Services](https://hifis.net/). diff --git a/roles/ssh_keys/defaults/main.yml b/roles/ssh_keys/defaults/main.yml new file mode 100644 index 0000000..ba044f0 --- /dev/null +++ b/roles/ssh_keys/defaults/main.yml 
@@ -0,0 +1,8 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+ssh_user_list: []
+ssh_authorized_keys_exclusive: true
diff --git a/roles/ssh_keys/meta/main.yml b/roles/ssh_keys/meta/main.yml
new file mode 100644
index 0000000..9cdc6a7
--- /dev/null
+++ b/roles/ssh_keys/meta/main.yml
@@ -0,0 +1,42 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+galaxy_info:
+ role_name: "ssh_keys"
+ author: "HIFIS Software Services"
+ description: "Add provided authorized SSH public keys to a user."
+ company: "Helmholtz Association"
+
+ issue_tracker_url: "https://github.com/hifis-net/ansible-collection-toolkit/issues"
+
+ license: "Apache-2.0"
+ min_ansible_version: "2.14"
+
+ platforms:
+ - name: "EL"
+ versions:
+ - "7"
+ - "8"
+ - "9"
+ - name: "Ubuntu"
+ versions:
+ - "bionic"
+ - "focal"
+ - "jammy"
+ - name: "Debian"
+ versions:
+ - "buster"
+ - "bullseye"
+
+ galaxy_tags:
+ - "ssh"
+ - "authorized"
+ - "key"
+ - "keys"
+
+dependencies: []
+
+...
diff --git a/roles/ssh_keys/tasks/main.yml b/roles/ssh_keys/tasks/main.yml
new file mode 100644
index 0000000..7ec4553
--- /dev/null
+++ b/roles/ssh_keys/tasks/main.yml
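Review bot: `ssh_authorized_keys_exclusive: true` is a destructive default — every key not listed for a user in `ssh_user_list` is removed, including keys an operator added by hand — and the defaults file carries no comment saying so, although it is the first place someone overriding the role in `group_vars` will look. Add above it `# true: remove every key not listed in ssh_user_list for that user (hand-added ones too); false: only add keys` and above `ssh_user_list` a one-line pointer to the entry format (`name`, `authorized_keys`, optional `create_user_account`). The README in this commit does describe the flag, but the defaults file is the copy that ships with the role.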
@@ -0,0 +1,31 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+- name: "Ensure user account is present"
+ ansible.builtin.user:
+ name: "{{ ssh_user.name }}"
+ state: "present"
+ when:
+ - "ssh_user.name | default('')"
+ - "ssh_user.name | length > 0"
+ - "ssh_user.create_user_account | default(false) | bool"
+ loop: "{{ ssh_user_list }}"
+ loop_control:
+ loop_var: "ssh_user"
+
+- name: "Manage authorized ssh keys"
+ ansible.posix.authorized_key:
+ user: "{{ ssh_user.name }}"
+ key: "{{ ssh_user.authorized_keys | default([]) | join('\n') }}"
+ exclusive: "{{ ssh_authorized_keys_exclusive }}"
+ when:
+ - "ssh_user.name | default('')"
+ - "ssh_user.name | length > 0"
+ loop: "{{ ssh_user_list }}"
+ loop_control:
+ loop_var: "ssh_user"
+
+...
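Review bot: In the "Manage authorized ssh keys" task the `default([])` fallback on `key` does not make a missing or empty `authorized_keys` list safe: the entry reaches the module as `key: ""` with `exclusive` still `true` by default, and as far as I can tell from the module's key parsing it rejects an empty key as invalid rather than treating it as "no keys", so a typo in the variable name surfaces as an opaque module failure instead of a skip or a clear message. Add `- "ssh_user.authorized_keys | default([]) | length > 0"` to that task's `when` (or precede it with an `ansible.builtin.assert` that names the offending entry), and keep "remove every key for this user" as something that must be requested explicitly rather than anything an accidentally empty list could express. As a point of style, the pair `ssh_user.name | default('')` / `ssh_user.name | length > 0` repeated in both tasks collapses to the single condition `- "ssh_user.name | default('') | length > 0"`.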