Re: Set up to fail
I agree they should protect the keys...
But I have no sympathy for someone who thought it was OK to publish any of their company's stuff on GitHub without asking and receiving clear permission.
His employment contract will certainly have had the usual clauses about company ownership of his work, confidentiality etc. Even without the keys he broke his contract and trade secret laws, it's just unfortunate the keys made it a lot worse which is on the company.