Hmmm, this is tricky. How did you set this up? I suspect that you really needed to restore the SMK from the primary onto the secondaries and then setup the restore.

You're not adding the SMK (Service Master Key) to the DMK (database master key), what you're doing is adding your DMK in the user db to the hierarchy on the secondary that allows the SMK to encrypt the DMK (and decrypt it). What you're running is what is needed. I haven't thought about this from the AG perspective, but really you do need a job that runs this in case something changes, but if you had the same SMK on both instances, then I think this might work.