Your application relies on service accounts for authentication to GCP services, utilizing credentials stored on its Compute Engine virtual machine instances. You aim to securely distribute these credentials to the host instances. What's the recommended approach?