1 files changed, 7 insertions, 5 deletions

diff --git a/grpc-auth-support.md b/grpc-auth-support.md
index 9850b8b24e..a43f873e5d 100644
--- a/grpc-auth-support.md
+++ b/grpc-auth-support.md
@@ -63,11 +63,13 @@ grpc::Status s = stub->sayHello(&context, *request, response);
 
 This credential works for applications using Service Accounts as well as for 
 applications running in Google Compute Engine (GCE). In the former case, the
-service account’s private keys are expected in file located at [TODO: well
-known file fath for service account keys] or in the file named in the environment
-variable [TODO: add the env var name here]. The keys are used at run-time to
-generate bearer tokens that are attached to each outgoing RPC on the
-corresponding channel.
+service account’s private keys are loaded from the file named in the environment
+variable `GOOGLE_APPLICATION_CREDENTIALS`. If that environment variable is not
+set, the library attempts to load the keys from the file located at 
+`<home>/.config/gcloud/application_default_credentials.json` where `<home>` is
+the relative path specified in the environment variable `HOME`. Once loaded, the
+keys are used to generate bearer tokens that are attached to each outgoing RPC 
+on the corresponding channel.
 
 For applications running in GCE, a default service account and corresponding
 OAuth scopes can be configured during VM setup. At run-time, this credential