
monkeysphere for personal ssh private keys stored in gpg

chef and hashicorp vault

Another neat thing to deploy into dns is sshfp records so there's almost never ssh fingerprint verification prompts for deployed hosts. Alternatively, ssh host fingerprints can be deployed to LDAP.



> Another neat thing to deploy into dns is sshfp records

For those wondering, [1] provides a bit of a background on SSHFP records. You can only skip host-key checking entirely if it's served with DNSSEC, although that might be easier if you're running internal DNS.

How do you have your system working? It's something I've fiddled with briefly, but ultimately gave up on for now.

[1] https://matoski.com/article/sshfp-dns-records/



