Trellis v1.12.0 released

As @swalkinshaw said, this isn’t a requirement, but it also supports URLs; at my old agency we just configured it to pull the list of keys from a user’s GitHub, i.e.:

```yaml
# Documentation: https://roots.io/trellis/docs/ssh-keys/
admin_user: admin

# Also define 'vault_users' (`group_vars/staging/vault.yml`, `group_vars/production/vault.yml`)
users:
  - name: "{{ web_user }}"
    groups:
      - "{{ web_group }}"
    keys:
      - https://github.com/alwaysblank.keys
  - name: "{{ admin_user }}"
    groups:
      - sudo
    keys:
      - https://github.com/alwaysblank.keys

web_user: web
web_group: www-data
web_sudoers:
  - "/usr/sbin/service php7.4-fpm *"
```

(Although if you did this you’d probably want to make sure you had a system for removing people when they left your organization.)

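An offboarding check for the setup in the post above, as an added example that is not part of the original post or of Trellis: it reads a `users` list in the shape shown, extracts the GitHub account behind each `.keys` URL, and reports any account that is not on a current-staff roster. The sample YAML, the account names and the roster are constructed for illustration.

```python
import re

# Constructed sample in the shape of the users list quoted above.
SAMPLE_USERS_YML = """\
users:
  - name: "{{ web_user }}"
    groups:
      - "{{ web_group }}"
    keys:
      - https://github.com/example-alice.keys
      - https://github.com/example-bob.keys
  - name: "{{ admin_user }}"
    groups:
      - sudo
    keys:
      - https://github.com/example-alice.keys
      - "{{ lookup('file', '~/.ssh/id_ed25519.pub') }}"
"""
CURRENT_STAFF = {"example-alice"}  # hypothetical roster of current staff

NAME_RE = re.compile(r"^\s*-\s+name:\s*(.+?)\s*$")
KEY_URL_RE = re.compile(
    r"^\s*-\s+[\"']?https://github\.com/([A-Za-z0-9-]+)\.keys[\"']?\s*$")

def key_sources(users_yml):
    """Map each user entry to the GitHub accounts its key URLs point at."""
    sources, current = {}, None
    for line in users_yml.splitlines():
        m = NAME_RE.match(line)
        if m:
            current = m.group(1).strip("\"'")
            sources[current] = []
            continue
        m = KEY_URL_RE.match(line)  # commented-out or non-URL keys do not match
        if m and current is not None:
            sources[current].append(m.group(1))
    return sources

def stale_grants(users_yml, roster):
    """Return (server user, GitHub account) pairs for accounts off the roster."""
    roster = {name.lower() for name in roster}  # GitHub logins are case-insensitive
    return sorted((user, account)
                  for user, accounts in key_sources(users_yml).items()
                  for account in accounts
                  if account.lower() not in roster)

if __name__ == "__main__":
    for user, account in stale_grants(SAMPLE_USERS_YML, CURRENT_STAFF):
        print(f"{user}: keys still pulled from github.com/{account}.keys")
```

Keys supplied some other way, such as the `lookup('file', ...)` entry in the sample, are not attributed to a GitHub account by this check and need a separate review.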