That’s exactly the kind of work I’d expect from TCS, I’m not sure why you are surprised.

The fact that it's nicely commented is even more so. Check out the other environment configs commented out, are they doing this by hand? Wild.

Even more importantly, why do the root keys expose EVERYTHING? Do they just have one account for all of their infra?

Sending it with AES encryption(with the key that the client has access to) makes it even worse, as someone knew this shouldn't be shared to client yet they shared it anyway.

If you’ve ever worked with Indian outsourcing firms it’s not