If you don't want to give him the keys you have these options:
- You need to build and sign every single apk he wants to upload to google play.
- Set up a build server like jenkins and let jenkins build + sign on every git push. Then make the resulting signed apk available to the team.
- Create some internal signing service where developers can submit an apk file and get it back signed.