{% if salt['file.search'](user_info.home + "/.ssh/authorized_keys", "[huge key here]"): %}
# Rename authorized_keys if it contains a known revoked key
# This can be removed "Some time in the future"™
"{{ user_info.home }}/.ssh/authorized_keys.old":
  file.rename:
    - source: "{{ user_info.home }}/.ssh/authorized_keys"
{% endif %}



"{{ user_info.home }}/.ssh/authorized_keys.old":
  file.rename:
    - source: "{{ user_info.home }}/.ssh/authorized_keys"
    - onlyif:
      - grep -Fq '[huge key here]' {{ user_info.home }}/.ssh/authorized_keys