Galaxy, PEM files, and Continuous Integration :: How to handle?

I have a very simple Meteor app deployed to Galaxy that accesses a Google Cloud API (Prediction API for the curious).

The PEM file used to access the API is in the /private folder. Deploying via the command line works as expected.

I have Codeship set up and working, but any method requiring the Google Cloud API fails as the PEM file is not included in source (and thus not deployed to Galaxy via Codeship).

Any suggestions on how best to handle the PEM file?

Not exactly elegant, but one workaround I’ve found is to base64 encode the .pem file and include the string in settings.json. I check for the presence of the file on server startup, and if no file exists I decode the string and write a new file to assets/app/, which is where the contents of the /private folder exist within the Meteor build.