I'm ok with the current approach.
This is how jclouds-chef works too. Chef requires the private key so requests can be signed, and when creating the context users provide that key in a String. In the live tests, the key is also provided as a path in the filesystem too, which I like and I think is a reasonable approach (as private keys are almost always stored in a file in the user's filesystem).
