ab#67740

Lee Fine · Lee Fine · commit 0e848ef16e94 · 2025-02-12T18:23:59.000Z
diff --git a/docsource/content.md b/docsource/content.md
@@ -5,7 +5,11 @@ The Google Cloud Platform (GCP) Load Balancer Orchestrator allows for the manage
 
 ## Requirements
 
-A service account is necessary for authentication to GCP.  The following are the required permissions:
+The orchestrator extension supports having credentials provided by the environment, environment variable, or passed manually from Keyfactor Command.  You can read more about the first two options [here](https://cloud.google.com/docs/authentication/production#automatically).
+
+To pass credentials from Keyfactor Command you need to first create a service account within GCP and then download a [service account key](https://cloud.google.com/docs/authentication/set-up-adc-local-dev-environment#local-key)  Remember to assign the appropriate role/permissions for the service account (see below).  Afterwards inside Keyfactor Command copy and paste the contents of the service account key in the password field for the GCP Certificate Store you create.
+
+The following are the required permissions for the GCP service account:
 - compute.sslCertificates.create
 - compute.sslCertificates.delete
 - compute.sslCertificates.list
@@ -14,6 +18,3 @@ A service account is necessary for authentication to GCP.  The following are the
 - compute.targetHttpsProxies.setSslCertificates
 - compute.regionSslCertificates.list
 
-The orchestrator extension supports having credentials provided by the environment, environment variable, or passed manually from Keyfactor Command.  You can read more about the first two options [here](https://cloud.google.com/docs/authentication/production#automatically).
-
-To pass credentials from Keyfactor Command you need to first create a service account and then download a service account key.  Instructions are [here](https://cloud.google.com/docs/authentication/set-up-adc-local-dev-environment#local-key).  Remember to assign the appropriate role/permissions for the service account.  Afterwards inside Keyfactor Command copy and paste the contents of the service account key in the password field for the GCP Certificate Store Type.
