Not really, we have our own datacenter and DNS servers. We have HSMs for somethings (like CA certs) and yubikey/similar for things that require passwords but those are all protected by user-specific certificates.
Yes/no, one exists but its unrelated to my job. Its probably worth noting that we also have sets of accounts that while password protected are essentially considered public. Those accounts are accessible to anyone who knows the well-known standard passphrase
