Removing sensitive data from your GitHub repo ex-post

As you know, sometimes the Internet is a bad place (and no, I am not talking about Facebook :)

There are “bots” that scan GitHub repos in search of AWS keys or other similar API keys, mostly for installing spam bots and so on. You should not version them, but… what can you do if your teammate already did?

Simply deleting a key from git via “git rm” is not enough, because it will still be stored in the past history.

But git can rewrite its history, and there is a tool called BFG that does it in a simple and safe way.

Here you can find a great guide from GitHub.
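
Why “git rm” is not enough, as an added example that is not part of the original post: the script builds a throwaway repository, commits a constructed placeholder key, removes it with `git rm`, and then searches every reachable commit for it. The function names, file names and the key value are assumptions made for the illustration.

```shell
#!/usr/bin/env bash
# Added example: a secret removed with `git rm` is still in the history.
# FAKE_KEY is a constructed placeholder, not a real credential.
FAKE_KEY="AKIAEXAMPLEEXAMPLE00"

# Build a throwaway repo: commit a key, then "remove" it with git rm.
make_demo_repo() {
    local repo
    repo=$(mktemp -d)
    git -C "$repo" init -q
    git -C "$repo" config user.email demo@example.invalid
    git -C "$repo" config user.name demo
    printf 'aws_access_key_id=%s\n' "$FAKE_KEY" > "$repo/config.ini"
    echo "readme" > "$repo/README"
    git -C "$repo" add config.ini README
    git -C "$repo" commit -q -m "add config"
    git -C "$repo" rm -q config.ini
    git -C "$repo" commit -q -m "remove config"
    echo "$repo"
}

# Return 0 if the string appears in the checked-out files.
in_worktree() {
    grep -rqF --exclude-dir=.git -- "$2" "$1"
}

# Return 0 if the string appears in any commit reachable from any ref.
in_history() {
    local repo=$1 needle=$2 rev
    for rev in $(git -C "$repo" rev-list --all); do
        git -C "$repo" grep -qF -e "$needle" "$rev" && return 0
    done
    return 1
}

# List the commits whose diff adds or removes the string (pickaxe search).
commits_touching() {
    git -C "$1" log --all --format=%H -S"$2"
}

repo=$(make_demo_repo)
in_worktree "$repo" "$FAKE_KEY" || echo "working tree: key not found"
in_history "$repo" "$FAKE_KEY" && echo "history: key still present in:"
commits_touching "$repo" "$FAKE_KEY"
```

Running `in_history` against your own clone after a history rewrite is a quick way to confirm the key is no longer reachable from any ref.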