diff --git a/ssh-keys/tasks/non-root-ssh-keys.yml b/ssh-keys/tasks/non-root-ssh-keys.yml
index 602fe265..840e75aa 100644
--- a/ssh-keys/tasks/non-root-ssh-keys.yml
+++ b/ssh-keys/tasks/non-root-ssh-keys.yml
@@ -3,7 +3,7 @@
   authorized_key: user={{ item.0.name }} key="{{ item.1 }}" state=present
   when: non_root_users
   with_subelements:
-    - '{{ ssh_users_list }}'
+    - '{{ ssh_users_list | default ([]) }}'
     - authorized_keys
   tags: [ "pubkeys", "ssh_keys" ]
 
@@ -13,6 +13,6 @@
     - obsolete_ssh_key is defined
     - non_root_users
   with_subelements:
-    - '{{ ssh_users_list }}'
+    - '{{ ssh_users_list | default ([]) }}'
     - authorized_keys
   tags: [ "pubkeys", "ssh_keys" ]
diff --git a/ssh-keys/tasks/root-ssh-keys.yml b/ssh-keys/tasks/root-ssh-keys.yml
index f77de47b..39fed3dd 100644
--- a/ssh-keys/tasks/root-ssh-keys.yml
+++ b/ssh-keys/tasks/root-ssh-keys.yml
@@ -1,12 +1,13 @@
 ---
 - name: Install the ssh keys for the authorized users
   authorized_key: user=root key="{{ item }}" state=present
-  with_items: '{{ user_ssh_key }}'
+  with_items: '{{ root_ssh_keys | default([]) }}'
+  when: manage_root_ssh_keys
   tags: [ 'pubkeys', 'ssh_keys' ]
 
 - name: Remove obsolete ssh keys if there are any
   authorized_key: user=root key="{{ item }}" state=absent
-  with_items: '{{ obsolete_ssh_key }}'
+  with_items: '{{ obsolete_root_ssh_keys | default([]) }}'
   when: obsolete_ssh_key is defined
   tags: [ 'pubkeys', 'ssh_keys' ]
 
diff --git a/ubuntu-deb-general/tasks/pubkeys.yml b/ubuntu-deb-general/tasks/pubkeys.yml
index 5d02ff77..3ee28fd2 100644
--- a/ubuntu-deb-general/tasks/pubkeys.yml
+++ b/ubuntu-deb-general/tasks/pubkeys.yml
@@ -1,13 +1,12 @@
 ---
-# TODO: fetch the keys from ldap
 - name: various pub ssh keys for users and apps
   authorized_key: user=root key="{{ item }}" state=present
-  with_items: '{{ root_ssh_keys }}'
+  with_items: '{{ root_ssh_keys | default([]) }}'
   when: manage_root_ssh_keys
   tags: root_pubkeys
 
 - name: Remove obsolete keys from the authorized ones
   authorized_key: user=root key="{{ item }}" state=absent
-  with_items: '{{ obsolete_root_ssh_keys }}'
+  with_items: '{{ obsolete_root_ssh_keys | default([]) }}'
   when: obsolete_root_ssh_keys is defined
   tags: root_pubkeys