diff --git a/README.md b/README.md
index 46f9a3d8e..fae6990bb 100644
--- a/README.md
+++ b/README.md
@@ -91,7 +91,95 @@ createBucket().catch(console.error);
 
 ```
 
+### Initializing credentials 
 
+One way to initiailize credentials for the `Storage` constructor is by
+providing a path to a JSON file with the credentials, such as a service
+account key generated from the Google Cloud console, as follows:
+
+```javascript
+const storage = new Storage({keyFilename: 'key.json'});
+```
+
+You can also initialize the `Storage` constructor with credentials by
+providing it the parsed JSON object if you store it with something like an
+environment variable or secrets storage, as demonstrated in the following
+code snippets.
+
+Load the JSON contents from a file on disk:
+
+```javascript
+
+const serviceAccountKey = require('key.json');
+
+const storage = new Storage({
+  credentials: serviceAccountKey
+});
+```
+
+However, if you try to load the JSON contents from an environment variable
+that you stored the contents into by stringifying the JSON object then it
+will prove problematic. Consider the following code snippet:
+
+```javascript
+const storageCreds = process.env.GOOGLE_CLOUD_KEY_FILE;
+const storageCredsJSON = JSON.parse(storageCreds);
+
+const storage = new Storage({
+  credentials: storageCredsJSON
+});
+```
+
+This won't work well and will result in errors when the constructor is
+instantiated: `error:1E08010C:DECODER routines::unsupported`. This error
+happens due to serializing and unserializing string contents that
+includes `\n` into environment variables.
+
+To properly save the contents of the service account key we can use 
+Base64 encoding of the stringified JSON object. 
+
+First, encode the contents of the service account key file to receive
+the Base64 representation of it:
+
+
+```javascript
+const serviceAccountJSON = require('key.json');
+const serviceAccountBuffer = Buffer.from(JSON.stringify(serviceAccountJSON), 'utf-8');
+const serviceAccountBase64Encoded = serviceAccountBuffer.toString('base64');
+```
+
+The string contents of `serviceAccountBase64Encoded` can be set as an environment
+variable and then decoded when using it with the SDK as follows:
+
+```javascript
+const serviceAccountBase64Encoded = process.env.GCLOUD_SERVICE_ACCOUNT_KEY;
+const serviceAccountBuffer = Buffer.from(JSON.stringify(serviceAccountBase64Encoded), 'base64');
+const serviceAccountJSON = JSON.parse(serviceAccountBuffer.toString('utf-8');
+
+const storage = new Storage({
+  credentials: serviceAccountJSON
+});
+```
+
+Note, you can also specify the credentials directly during
+the `Storage` constructor initialization process, such as:
+
+```javascript
+new Storage({
+  credentials: {
+      type: 'service_account',
+      project_id: 'xxxxxxx',
+      private_key_id: 'xxxx',
+      private_key:'-----BEGIN PRIVATE KEY-----xxxxxxx\n-----END PRIVATE KEY-----\n',
+      client_email: 'xxxx',
+      client_id: 'xxx',
+      auth_uri: 'https://accounts.google.com/o/oauth2/auth',
+      token_uri: 'https://oauth2.googleapis.com/token',
+      auth_provider_x509_cert_url: 'https://www.googleapis.com/oauth2/v1/certs',
+      client_x509_cert_url: 'xxx',
+    }
+});
+```
 
 ## Samples