diff --git a/CHANGELOG.md b/CHANGELOG.md
index 96bf2a7e..b8c24ca2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -44,6 +44,7 @@ This document outlines major changes between releases.
 - Changed values for `frostfs_s3_gw_state_health` metric (#91)
 - Support multiple tree service endpoints (#74)
 - Timeout errors has code 504 now (#103)
+- Support multiple version credentials using GSet (#135)
 
 ### Removed
 - Drop `tree.service` param (now endpoints from `peers` section are used) (#133)
diff --git a/docs/authmate.md b/docs/authmate.md
index 94c39214..cf3c5171 100644
--- a/docs/authmate.md
+++ b/docs/authmate.md
@@ -114,6 +114,7 @@ $ frostfs-s3-authmate issue-secret --wallet wallet.json \
 
 {
   "access_key_id": "5g933dyLEkXbbAspouhPPTiyLZRg4axBW1axSPD87eVT0AiXsH4AjYy1iTJ4C1WExzjBrSobJsQFWEyKLREe5sQYM",
+  "initial_access_key_id": "5g933dyLEkXbbAspouhPPTiyLZRg4axBW1axSPD87eVT0AiXsH4AjYy1iTJ4C1WExzjBrSobJsQFWEyKLREe5sQYM",
   "secret_access_key": "438bbd8243060e1e1c9dd4821756914a6e872ce29bf203b68f81b140ac91231c",
   "owner_private_key": "274fdd6e71fc6a6b8fe77bec500254115d66d6d17347d7db0880d2eb80afc72a",
   "container_id":"5g933dyLEkXbbAspouhPPTiyLZRg4axBW1axSPD87eVT"
@@ -122,6 +123,9 @@ $ frostfs-s3-authmate issue-secret --wallet wallet.json \
 
 `access_key_id` and `secret_access_key` are AWS credentials that you can use with any S3 client.
 
+`initial_access_key_id` contains the first credentials in the chain of credentials versions
+(can be useful when you update your credentials).
+
 `access_key_id` consists of Base58 encoded containerID(cid) and objectID(oid) stored on the FrostFS network and containing
 the secret. Format of `access_key_id`: `%cid0%oid`, where 0(zero) is a delimiter.
 
@@ -134,6 +138,9 @@ the secret. Format of `access_key_id`: `%cid0%oid`, where 0(zero) is a delimiter
 24h). Default value is `720h` (30 days). It will be ceil rounded to the nearest amount of epoch
 * `--aws-cli-credentials` - path to the aws cli credentials file, where authmate will write `access_key_id` and
 `secret_access_key` to
+* `--access-key-id` -- credentials that you want to update (e.g. to add more gates that can use your creds)
+without changing values of `aws_access_key_id` and `aws_secret_access_key`. If you want to update credential you MUST
+provide also secret key using `AUTHMATE_SECRET_ACCESS_KEY` env variable.
 
 ### Bearer tokens