Unless there's an ironclad agreement in place that I have to turn over all security credentials 'in my brain' after my termination [SNIP]
It's not after termination. A sysadmin has no right to have created and fail to disclose security credentials
for someone else's property (company systems) in the first place. The actual trespass on company property occurred while the person was still employed, At the very moment the admin created or changed the password without permission and didn't provide that to management, they committed an act of sabotage.
You should be so lucky IF you turn over all the security credentials in your brain, then your employer may agree not to sue you for everything you own and more.
my ex-employer is going to pay dearly for that information.
Nope. You're going to pay dearly, in many ways, if you fail to provide that ex-employer that information.
Also, Demanding payment for something you were legally required to have told them and/or had permission to do is Called Extortion or Ransom. That makes you no different than the Bloody CryptoLocker that scrambles peoples' files and demands Cash in exchange for the unlock key... in fact it's 99% almost exactly the darned same thing.
Unless there's an ironclad agreement in place that I have to turn over all security credentials 'in my brain' after my termination (and I would never agree to such an agreement),
Such agreement is in the standard Employee manual verbiage these days.
Chances are you have already agreed.