diff --git a/docs/content/dns/zz_gen_hyperone.md b/docs/content/dns/zz_gen_hyperone.md
index fcc8ab0c..0fdbf6ea 100644
--- a/docs/content/dns/zz_gen_hyperone.md
+++ b/docs/content/dns/zz_gen_hyperone.md
@@ -53,13 +53,13 @@ just a passport file in `~/.h1/passport.json` location.
 To use this application you have to generate passport file for `sa`:
 
 ```
-h1 sa credential generate --name my-passport --sa <sa ID> --passport-output-file ~/.h1/passport.json
+h1 iam project sa credential generate --name my-passport --project <project ID> --sa <sa ID> --passport-output-file ~/.h1/passport.json
 ```
 
 ### Required permissions
 
-Depending of environment variables usage, the application requires different permissions:
--  `dns/zone/list` if `HYPERONE_ZONE_URI` is not specified
+The application requires following permissions:
+-  `dns/zone/list`
 -  `dns/zone.recordset/list`
 -  `dns/zone.recordset/create`
 -  `dns/zone.recordset/delete`
@@ -67,6 +67,8 @@ Depending of environment variables usage, the application requires different per
 -  `dns/zone.record/list`
 -  `dns/zone.record/delete`
 
+All required permissions are available via platform role `tool.lego`.
+
 
 
 ## More information
diff --git a/providers/dns/hyperone/hyperone.toml b/providers/dns/hyperone/hyperone.toml
index e598904c..3e146e25 100644
--- a/providers/dns/hyperone/hyperone.toml
+++ b/providers/dns/hyperone/hyperone.toml
@@ -19,19 +19,21 @@ just a passport file in `~/.h1/passport.json` location.
 To use this application you have to generate passport file for `sa`:
 
 ```
-h1 sa credential generate --name my-passport --sa <sa ID> --passport-output-file ~/.h1/passport.json
+h1 iam project sa credential generate --name my-passport --project <project ID> --sa <sa ID> --passport-output-file ~/.h1/passport.json
 ```
 
 ### Required permissions
 
-Depending of environment variables usage, the application requires different permissions:
--  `dns/zone/list` if `HYPERONE_ZONE_URI` is not specified
+The application requires following permissions:
+-  `dns/zone/list`
 -  `dns/zone.recordset/list`
 -  `dns/zone.recordset/create`
 -  `dns/zone.recordset/delete`
 -  `dns/zone.record/create`
 -  `dns/zone.record/list`
 -  `dns/zone.record/delete`
+
+All required permissions are available via platform role `tool.lego`.
 '''
 
 [Configuration]