apt-key(8) — apt — Debian testing — Debian Manpages
I see this is “mostly” deprecated:
apt-key is used to manage the list of keys used by apt to authenticate packages. Packages which have been authenticated using these keys will be considered trusted.
Use of apt-key is deprecated, except for the use of apt-key del in maintainer scripts to remove existing keys from the main keyring. If such usage of apt-key is desired the additional installation of the GNU Privacy Guard suite (packaged in gnupg) is required.
apt-key(8) will last be available in Debian 11 and Ubuntu 22.04.
Is this the accepted and safe workaround using GPG (untested)?:
in short : retrieve the key locally
curl -s URL
add the key :
cat URL.pub | sudo gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/NAME.gpg --import
authorize the user _apt :
sudo chown _apt /etc/apt/trusted.gpg.d/NAME.gpg