[pastage]

I use GPG signed tar balls for that, mostly it's just to run scripts on multiple servers, but also useful for file transfers. You still have to fix secure transfers between hosts but you do not authenticate the connecting clients, but your client just need to verify host keys to protect against MITM. Works on pretty large installations.

I started doing it like this when I only had Debian machines, and just used apt and Deb archives, but I never could find the time to hack Apt to be a perfect fit for it and it ended up being hell on other OS.