diff --git a/README.md b/README.md
index faebf68..5c876f6 100644
--- a/README.md
+++ b/README.md
@@ -10,6 +10,7 @@ missing:
 - os detection (RHEL)
 - github-actions
 - docs
+- vars
 
 working:
 - epel install on centos 7
diff --git a/defaults/main.yml b/defaults/main.yml
index 9c02a93..b230bb4 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,5 +1,11 @@
 ---
-submodules_versioncheck: true
+submodules_versioncheck: false
 # epel repo
-epel_repo_url: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm"
-epel_repo_gpg_key_url: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}"
+epel_repo:
+  url: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm"
+  gpg_key_url: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}"
+  gpg_key_path: "/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}"
+  fingerprint:
+    '6': "8C3B E96A F230 9184 DA5C 0DAE 3B49 DF2A 0608 B895"
+    '7': "91E9 7D7C 4A5E 96F1 7F3E 888F 6A2F AEA2 352C 64E5"
+    '8': "94E2 79EB 8D8F 25B2 1810 ADF1 21EA 45AB 2F86 D6A1"
diff --git a/tasks/main.yml b/tasks/main.yml
index 2bf9eca..a4ec6cb 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,18 +1,30 @@
 ---
+- name: combine epel_repo config
+  set_fact:
+    epel_repo: "{{ _epel_repo|combine(epel_repo, recursive=True) }}"
+
 - include_tasks: versioncheck.yml
   when: submodules_versioncheck|bool
 
 - name: import EPEL Repo GPG Key
+  block:
+    - name: import epel gpg from file
+      rpm_key:
+        key: "{{ epel_repo.gpg_key_path }}"
+        state: present
+        fingerprint: "{{ epel_repo.fingerprint[ansible_distribution_major_version] }}"
+  rescue:
+    - name: import epel gpgp from url
+      rpm_key:
+        key: "{{ epel_repo.gpg_key_url }}"
+        state: present
+        fingerprint: "{{ epel_repo['fingerprint'][ ansible_distribution_major_version ] }}"
   become: true
-  rpm_key:
-    key: "{{ epel_repo_gpg_key_url }}"
-    state: present
-    validate_certs: true
 
 - name: Install EPEL repo
   become: true
   yum:
-    name: "{{ epel_repo_url }}"
+    name: "{{ epel_repo.url }}"
     state: present
   register: result
   until: result is succeeded
diff --git a/vars/main.yml b/vars/main.yml
index c64c23f..66954c1 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -1,3 +1,12 @@
 ---
 playbook_version_number: 1025 # should be over ninethousand
 playbook_version_path: 'role-epel_roles-ansible_github.com.version' 
+# epel repo
+_epel_repo:
+  url: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm"
+  gpg_key_url: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}"
+  gpg_key_path: "/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}"
+  fingerprint:
+    '6': "8C3B E96A F230 9184 DA5C 0DAE 3B49 DF2A 0608 B895"
+    '7': "91E9 7D7C 4A5E 96F1 7F3E 888F 6A2F AEA2 352C 64E5"
+    '8': "94E2 79EB 8D8F 25B2 1810 ADF1 21EA 45AB 2F86 D6A1"