A lot of these are inspired by how we actually deploy stuff internally at Strapi for our own infrastructure, along with previous experience and how a single person like me can run and maintain about 30 different applications as a single DevOps person on various hobby projects.
Just because I say single devops, doesn’t mean these options don’t scale, especially with Terraform (God I love Hashicorp, such a great company). You can easily store Terraform state files in a central storage like Consul (self-deployed or their cloud) and easily maintain deployments with strict control for multiple devops personnel. Same for storing secrets in Vault (you can even use Hashicorp’s Vault system with Ansible).
https://docs.ansible.com/ansible/latest/collections/community/general/hashi_vault_lookup.html