I won't discount your IT can be bad, but also if you're keeping something as core to your security as signing keys somewhere your IT can't audit, you are just as bad. And your IT won't be the ones fired when your keys leak.

You are under the erroneous impression IT would be fired for leaking keys and not simply impose a new process that blames everyone else.

And this is in Fortune 500 of course.