How about the GPG keys used to sign the packages in a repository?

The GPG keys used to sign the packages in a repository are not managed by the YUM Puppet module. Instead, the YUM module tries to ensure the latest *-release package is installed.