storing and deploying keys securely

In several flask apps at aquaya, I used a combo of environment variables and sample config files filled in with real data on the live servers only, not in the source. But how to do this with a lot of servers that may be rebuilt at any time? How do you avoid passing state to these servers when you provision them? And how do you share these credentials among team members?