diff --git a/cluster/gce/gci/credential-provider/README.md b/cluster/gce/gci/credential-provider/README.md
new file mode 100644
index 00000000000..1c3bde27c4e
--- /dev/null
+++ b/cluster/gce/gci/credential-provider/README.md
@@ -0,0 +1,35 @@
+# GCP credential provider for e2e testing
+
+This package contains a barebones implementation of the [kubelet GCP credential
+provider](https://github.com/kubernetes/cloud-provider-gcp/tree/master/cmd/auth-provider-gcp)
+for testing purposes only. This plugin SHOULD NOT be used in production.
+
+This credential provider is installed and configured in the node e2e tests by:
+
+1. Building the credential-provider binary and including it in the test archive
+   uploaded to the GCE remote node.
+
+2. Writing the credential provider config into the temporary workspace consumed
+  by the kubelet. The contents of the config should be something like this:
+
+```yaml
+kind: CredentialProviderConfig
+apiVersion: kubelet.config.k8s.io/v1alpha1
+providers:
+  - name: credential-provider
+    apiVersion: credentialprovider.kubelet.k8s.io/v1alpha1
+    matchImages:
+    - "gcr.io"
+    - "*.gcr.io"
+    - "container.cloud.google.com"
+    - "*.pkg.dev"
+    defaultCacheDuration: 1m`
+```
+
+3. Configuring the following additional flags on the kubelet:
+
+```
+--feature-gates=DisableKubeletCloudCredentialProviders=true,KubeletCredentialProviders=true
+--image-credential-provider-config=/tmp/node-e2e-123456/credential-provider.yaml
+--image-credential-provider-bin-dir=/tmp/node-e2e-12345
+```