HACKER Q&A
📣 kosolam

Why disable SSH root login with key only?



  👤 kosolam Accepted Answer ✓
Guys, eventually any tool used to make changes in production will need access to production. It’s done either by sshing into the server or by running custom software on the server that allows connections from outside. The way to ssh is with a key. Passwords are bad. Thus the original question: root login using ssh key vs sudo?

👤 aborsy
The key might leak or be stolen, the server might be misconfigured, the valid user may still not need to be root, etc.

👤 kosolam
Is the following config secure?

Include /etc/ssh/sshd_config.d/*.conf

UsePAM yes

PrintMotd no

AcceptEnv LANG LC_*

PermitRootLogin prohibit-password

PasswordAuthentication no

PermitEmptyPasswords no

ChallengeResponseAuthentication no

KerberosAuthentication no

GSSAPIAuthentication no

X11Forwarding no

PermitUserEnvironment no
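
An added example, not part of the thread: sshd uses the first value it obtains for each keyword, and the Include line in the config above comes first, so a drop-in under /etc/ssh/sshd_config.d/ can override the directives that follow it. The check below therefore audits the effective settings as printed by `sshd -T` rather than the file. The function name `audit_sshd` and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Reads effective settings in `sshd -T` format
# ("keyword value", keyword in lower case) on stdin, prints one FAIL
# line per deviation, returns non-zero if any. Real use, as root:
#   sshd -T | audit_sshd
audit_sshd() {
    awk '
    BEGIN {
        # Expected values, from the config posted in the thread.
        want["permitrootlogin"]        = "prohibit-password"
        want["passwordauthentication"] = "no"
        want["permitemptypasswords"]   = "no"
        want["kerberosauthentication"] = "no"
        want["gssapiauthentication"]   = "no"
        want["x11forwarding"]          = "no"
        want["permituserenvironment"]  = "no"
        # Same setting, reported under either name depending on version.
        want["challengeresponseauthentication"] = "no"
        want["kbdinteractiveauthentication"]    = "no"
    }
    {
        key = tolower($1); val = $2
        if (!(key in want) || (key in seen)) next
        seen[key] = 1
        # sshd -T may print the older alias for prohibit-password.
        if (key == "permitrootlogin" && val == "without-password")
            val = "prohibit-password"
        if (val != want[key]) {
            printf "FAIL %s is %s, expected %s\n", key, $2, want[key]
            bad = 1
        }
    }
    END {
        # Keywords every build reports; absence means wrong input.
        n = split("permitrootlogin passwordauthentication", req, " ")
        for (i = 1; i <= n; i++)
            if (!(req[i] in seen)) {
                printf "FAIL %s not reported\n", req[i]
                bad = 1
            }
        exit bad + 0
    }'
}

# Constructed sample: a drop-in has re-enabled password logins.
SAMPLE='permitrootlogin without-password
passwordauthentication yes
x11forwarding no'
printf '%s\n' "$SAMPLE" | audit_sshd || true
```

Kerberos and GSSAPI keywords are only checked when the build reports them, since a build without that support does not print them.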