You could place the keyfile into the config directory, then do the following:
opts['key'] = Rails.root.join('config','nameofkeyfile.p12').to_s
You don't want the key to be in a location that your application will serve up to the public, so config sounds like a good location to me.
You can experiment with the block you have above in the Rails console:
# run `rails c` then
keypath = Rails.root.join('config','nameofkeyfile.p12').to_s
key = Google::APIClient::PKCS12.load_key(keypath, "notasecret")
Looking at the Google::APIClient documentation, I see load_key
is deprecated. They recommend using Google::APIClient::KeyUtils
instead.
key = Google::APIClient::KeyUtils.load_from_pkcs12(keyfile, "notasecret")
As for a quick overview of the Rails asset pipeline, see here. (Please pardon the "for dummies" part of that url, it appears to be good, quick info.)