diff --git a/modules/cco-short-term-creds-auth-flows.adoc b/_unused_topics/cco-short-term-creds-auth-flows.adoc similarity index 100% rename from modules/cco-short-term-creds-auth-flows.adoc rename to _unused_topics/cco-short-term-creds-auth-flows.adoc diff --git a/modules/cco-short-term-creds-auth-flow-aws.adoc b/modules/cco-short-term-creds-auth-flow-aws.adoc index c005946e18..515c818384 100644 --- a/modules/cco-short-term-creds-auth-flow-aws.adoc +++ b/modules/cco-short-term-creds-auth-flow-aws.adoc @@ -31,7 +31,7 @@ The following diagram illustrates the authentication flow between AWS and the {p .AWS Security Token Service authentication flow image::347_OpenShift_credentials_with_STS_updates_0623_AWS.png[Detailed authentication flow between AWS and the cluster when using AWS STS] -Requests for new and refreshed credentials are automated by using an appropriately configured AWS IAM OpenID Connect (OIDC) identity provider, combined with AWS IAM roles. {product-title} signs service account tokens that are trusted by AWS IAM, and can be projected into a pod and used for authentication. +Requests for new and refreshed credentials are automated by using an appropriately configured AWS IAM OpenID Connect (OIDC) identity provider, combined with AWS IAM roles. {product-title} signs service account tokens that are trusted by AWS IAM, and can be projected into a pod and used for authentication. Tokens are refreshed after one hour. [id="cco-short-term-creds-auth-flow-aws-refresh-policy_{context}"] == Token refreshing for AWS STS diff --git a/modules/cco-short-term-creds-auth-flow-gcp.adoc b/modules/cco-short-term-creds-auth-flow-gcp.adoc index a51cfb7884..2204d243cb 100644 --- a/modules/cco-short-term-creds-auth-flow-gcp.adoc +++ b/modules/cco-short-term-creds-auth-flow-gcp.adoc 
@@ -6,6 +6,8 @@ [id="cco-short-term-creds-auth-flow-gcp_{context}"] = GCP Workload Identity authentication process +Requests for new and refreshed credentials are automated by using an appropriately configured OpenID Connect (OIDC) identity provider combined with IAM service accounts. Service account tokens that are trusted by GCP are signed by {product-title} and can be projected into a pod and used for authentication. Tokens are refreshed after one hour. + The following diagram details the authentication flow between GCP and the {product-title} cluster when using GCP Workload Identity. .GCP Workload Identity authentication flow
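Review bot: the rename of modules/cco-short-term-creds-auth-flows.adoc to _unused_topics/ at the top of the patch comes with no matching assembly change in the visible diff. Any `include::` that still points at the old modules/ path will break the build, so confirm that no assembly references the file, or remove that include in this same change.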
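Review bot: in modules/cco-short-term-creds-auth-flow-aws.adoc, the added sentence "Tokens are refreshed after one hour." is ambiguous and sits directly above the "Token refreshing for AWS STS" section. It does not say which component performs the refresh, or whether one hour is the token's validity period or the rotation interval. Readers sizing the exposure window of a leaked projected token need that distinction. Move the statement into the refresh section, or reword it to name the actor and the meaning of the interval, and check that it agrees with what that section already states.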
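Review bot: in modules/cco-short-term-creds-auth-flow-gcp.adoc, the added paragraph uses "service account" for two different things in adjacent sentences: "IAM service accounts" on the GCP side and "Service account tokens" signed by {product-title}. Qualify both, for example "GCP IAM service accounts" and "{product-title} service account tokens", so that it is clear which identity is trusted and which one is impersonated. The OIDC identity provider is also unqualified here, whereas the AWS text says "AWS IAM OpenID Connect (OIDC) identity provider", and the second sentence is passive where the AWS module is active. Aligning the wording of the two modules would help. "Tokens are refreshed after one hour." has the same ambiguity between lifetime and rotation interval as in the AWS module, and this hunk shows no refresh section to anchor it.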