This looks popular: www.chezmoi.io

I’m surprised no one mentioned ansible yet. It’s meant for this (and more).

By ssh keys I assume you’re talking about authorized_keys, not private keys. I agree with other posters that private keys should not be synced, just generate new ones and add them to the relevant servers authorized_keys with ansible.

ssh keys go into my keepass db, keepassxc imports them into gpg agent or ssh agent. Bash aliases and so on are in my dotfiles

Use a git repo and stow tool. For updating, you only need run git pull (and stow if you create config for a new software). If you modify some config, just git add && git commit && git push.
With this way, you can also record change history of your config.

Just use backpack or sshrc or kyrat.

Dotfiles go in git, SSH keys are state.

I’m looking to migrate to home-manager though because I use Nix on all my devices anyways.

On my devices like PCs, laptops or phones, syncthing syncs all my .rc files, configs, keys, etc.

For things like servers, routers, etc. I rely on OpenSSH’s ability to send over environmental variables to send my aliases and functions.
On the remote I have
[ -n "$SSH_CONNECTION" ] && eval "$(echo "$LC_RC" | { { base64 -d || openssl base64 -d; } | gzip -d; } 2>/dev/null)"
in whatever is loaded when I connect (.bashrc, usually)
On the local machine
alias ssh="$([ -z "$SSH_CONNECTION" ] && echo 'LC_RC=$(gzip < ~/.rc | base64 -w 0)') ssh'

That’s not the best way to do that by any means (it doesn’t work with dropbear, for example), but for cases like that I have other non-generic, one-off solutions.