As apt is moving away its old keyring ways (the trusted.gpg file) and into storing each repository's key in its own GPG file inside /usr/share/keyrings/, it is essential all manually added repositories are migrated to the new system.
List existing keys
apt-key listFind the key you want to export, copy the last 8 characters of the pub code, and run the export to move the key into its own GPG file
apt-key export DA1229CF | gpg --dearmor -o /usr/share/keyrings/some-repo.gpgYou'll likely see a message like this:
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).This is only being shown because the apt-key command was used. No need to worry about it.
Now the new GPG file needs to be referenced by the repo that requires it
deb [arch=amd64 signed-by=/usr/share/keyrings/some-repo.gpg] https://packages.some-repo.com/repos/ stable mainConfirm the migration worked
apt updateDelete the key from the old trusted.gpg location
apt-key del DA1229CF