diff --git a/roles/knot/tasks/main.yml b/roles/knot/tasks/main.yml
index 302fc5a..8d670a6 100644
--- a/roles/knot/tasks/main.yml
+++ b/roles/knot/tasks/main.yml
@@ -16,7 +16,7 @@
 
 - name: Generate tsig
   become: yes
-  ansible.builtin.shell:
+  shell:
     cmd: "keymgr -t {{ key_name }} > /etc/knot/{{ key_name }}.key"
     creates: "/etc/knot/{{ key_name }}.key"
   run_once: True
@@ -29,8 +29,8 @@
   run_once: True
 
 - name: Populate key to all host
-  set_facts:
-    tsig_key_content: {{ tsig_key['content'] | b64decode }}
+  set_fact:
+    tsig_key_content: "{{ tsig_key['content'] | b64decode }}"
   run_once: True
   with_items: "{{ play_hosts }}"
   delegate_to: "{{ item }}"
diff --git a/roles/knot/templates/knot.conf.j2 b/roles/knot/templates/knot.conf.j2
index 8901739..078aa8b 100644
--- a/roles/knot/templates/knot.conf.j2
+++ b/roles/knot/templates/knot.conf.j2
@@ -21,7 +21,7 @@ acl:
   - id: {{ hostvars[host].ansible_hostname }}
     address: [ {{ ( hostvars[host].ansible_all_ipv4_addresses + hostvars[host].ansible_all_ipv6_addresses ) | ansible.netcommon.ipaddr('public') | join(', ') }} ]
     action: {% if host in groups.secondary %} transfer {% elif host in groups.primary %} notify {% endif %}
-
+    key: {{ key_name }}
 {% endfor %}
 
 template: