Mozilla SOPS, a tool for encrypting secrets for storage in source control systems, lets you encrypt secrets using the Shamir Sharing Threshold. You can use (and mix and match!) keys stored in of the first-party cloud secrets managers (AWS Secrets Manager, GCP KMS, Azure Key Vault), Hashicorp Vault, GnuPG, or Age.

Various IaC ecosystems have integrations for it. It's probably the best way to store secrets for Nix-based deployments, and there are also docs and integrations that pair it up with Kubernetes and Terraform.

Idk how many companies are really using keygroups, though. Probably in some of them, the repos are public and can tell you that.