SSH keys management system

Yes, Puppet is the right way to do this, and from that other question, Option 3 seem to be the most sensible (as well as being the accepted answer [always a good sign!]).

There's a ssh_key module for puppet which makes the whole thing trivially easy.

SSH is nice, but when you start to scale to large numbers of keys and ACLs, it gets ugly fast.

Kerberos was designed to operate in this sort of environment (lots of ACLs, key revocation, etc.) User management with kerberos is a pain, but if you've got a very small number of users, it is pretty easy.