diff --git a/changelog/59786.fixed b/changelog/59786.fixed
new file mode 100644
index 00000000000..00612d70fbf
--- /dev/null
+++ b/changelog/59786.fixed
@@ -0,0 +1 @@
+Warn when using insecure (http:// based) key_urls for apt-based systems in pkgrepo.managed, and add a kwarg that determines the validity of such a url.
diff --git a/salt/states/pkgrepo.py b/salt/states/pkgrepo.py
index 31626e2600d..294e17ce52a 100644
--- a/salt/states/pkgrepo.py
+++ b/salt/states/pkgrepo.py
@@ -293,8 +293,9 @@ def managed(name, ppa=None, copr=None, aptkey=True, **kwargs):
         ``keyid`` option must also be set for this option to work.
 
     key_url
-        URL to retrieve a GPG key from. Allows the usage of ``http://``,
-        ``https://`` as well as ``salt://``.
+        URL to retrieve a GPG key from. Allows the usage of
+        ``https://`` as well as ``salt://``.  If ``allow_insecure_key`` is True,
+        this also allows ``http://``.
 
         .. note::