That's a bad practice. I have better security experience from the infrastructure around IaC than SSH.
Because for IaC we used Gitlab, hidden by a Keycloak, or connected to an Azure AD, protected by a MFA VPN. And for provisioning we used containers, no SSH required there either.
The major revolution that allowed me to move away from SSH in server provisioning is container hosts, ignition (or cloud-init), and these days the cutting edge is bootc.
Because for IaC we used Gitlab, hidden by a Keycloak, or connected to an Azure AD, protected by a MFA VPN. And for provisioning we used containers, no SSH required there either.
The major revolution that allowed me to move away from SSH in server provisioning is container hosts, ignition (or cloud-init), and these days the cutting edge is bootc.