Exposed private key

[luatnd]

First of all, I'd like to say a big thank to you for this awesome repos, it save me a lot of time.
I made a EER diagram visualization UI to visualize the table list and its dependency.
As I can see, Resource --> Advanced Google Service... does not support FireStore currently.
Google hasn't provided us a Firestore SDK for Google App Script.
I guess that using the authentication method in this repos is the only way.
.
I don't know this can be an issue or not, just place my concern here.
But expose private key is very dangerous. Is there another way to avoid placing the private key in the *.gs files?

[grahamearley]

I agree that this isn't always the most secure way to do things. Do you have any ideas for how to approach this more securely?

I'll leave this issue open for discussion.

[luatnd]

Haha I haven't had any different idea, your method seems to be the only solution. Hm, I think Google will provide a service soon.
If I need more secure, I will spend time to make a middle endpoint:
Google Script --> My Nodejs API (using nodejs SDK) --> FireStore.

[grahamearley]

I'm closing this issue because I don't think there is another solution. The private key is required for the authentication method this library uses.