Merge branch 'ab#67740' of https://github.com/Keyfactor/gcp-loadbalancer-orchestrator into ab#67740

Lee Fine · Lee Fine · commit 0728683b9bd3 · 2025-02-13T18:26:10.000Z
diff --git a/README.md b/README.md
@@ -49,7 +49,11 @@ The GCP Load Balancer Universal Orchestrator extension is supported by Keyfactor
 Before installing the GCP Load Balancer Universal Orchestrator extension, we recommend that you install [kfutil](https://github.com/Keyfactor/kfutil). Kfutil is a command-line tool that simplifies the process of creating store types, installing extensions, and instantiating certificate stores in Keyfactor Command.
 
 
-A service account is necessary for authentication to GCP.  The following are the required permissions:
+The orchestrator extension supports having credentials provided by the environment, environment variable, or passed manually from Keyfactor Command.  You can read more about the first two options [here](https://cloud.google.com/docs/authentication/production#automatically).
+
+To pass credentials from Keyfactor Command you need to first create a service account within GCP and then download a [service account key](https://cloud.google.com/docs/authentication/set-up-adc-local-dev-environment#local-key)  Remember to assign the appropriate role/permissions for the service account (see below).  Afterwards inside Keyfactor Command copy and paste the contents of the service account key in the password field for the GCP Certificate Store you create.
+
+The following are the required permissions for the GCP service account:
 - compute.sslCertificates.create
 - compute.sslCertificates.delete
 - compute.sslCertificates.list
@@ -58,10 +62,6 @@ A service account is necessary for authentication to GCP.  The following are the
 - compute.targetHttpsProxies.setSslCertificates
 - compute.regionSslCertificates.list
 
-The orchestrator extension supports having credentials provided by the environment, environment variable, or passed manually from Keyfactor Command.  You can read more about the first two options [here](https://cloud.google.com/docs/authentication/production#automatically).
-
-To pass credentials from Keyfactor Command you need to first create a service account and then download a service account key.  Instructions are [here](https://cloud.google.com/docs/authentication/set-up-adc-local-dev-environment#local-key).  Remember to assign the appropriate role/permissions for the service account.  Afterwards inside Keyfactor Command copy and paste the contents of the service account key in the password field for the GCP Certificate Store Type.
-
 
 ## Create the GCPLoadBal Certificate Store Type
 
