diff --git a/libs/java/gcp_zts_creds/examples/gcp-zts-creds/README.md b/libs/java/gcp_zts_creds/examples/gcp-zts-creds/README.md
index 658d6bfb5bb..c561b9d4315 100644
--- a/libs/java/gcp_zts_creds/examples/gcp-zts-creds/README.md
+++ b/libs/java/gcp_zts_creds/examples/gcp-zts-creds/README.md
@@ -36,7 +36,39 @@ from the current directory by replacing `` with your current working
 directory path and `` with your java home directory path.
 
 ```
-java -cp /target/example-zts-gcp-creds-1.0.jar:/target/dependency/* com.yahoo.athenz.example.zts.gcp.ZTSGCPCredsClient -d athenz.project1 -k /key.pem -c /cert.pem -p changeit -z https:///zts/v1 -t /jre/lib/security/cacerts -r gcp.fed.admin.user -i athenz.project1.gcp -b gcp-bucket-name -j athenz-project1 -n 12345678 -w athenz -m athenz -f gcp.athenz.io -s gcp-service-name
+java -cp /target/example-zts-gcp-creds-1.0.jar:/target/dependency/* com.yahoo.athenz.example.zts.gcp.ZTSGCPCredsStorageClient -d athenz.project1 -k /key.pem -c /cert.pem -p changeit -z https:///zts/v1 -t /jre/lib/security/cacerts -r gcp.fed.admin.user -i athenz.project1.gcp -b gcp-bucket-name -j athenz-project1 -n 12345678 -w athenz -m athenz -f gcp.athenz.io -s gcp-service-name
+```
+
+Example 2:
+
+The example lists the all the DNS Zones from the specified GCP Project.
+It then proceeds to display any TXT records if configured.
+The utility supports the following command line options:
+
+```
+usage: zts-gcp-creds-client
+ -c,--cert certificate path
+ -d,--domain domain name
+ -f,--redirectUriSuffix redirect uri prefix
+ -i,--clientid client id
+ -j,--projectId project id
+ -k,--key private key path
+ -m,--workLoadProviderName workload identity provider name
+ -n,--projectNumber project id
+ -p,--trustStorePassword CA TrustStore password
+ -r,--role role name
+ -s,--serviceAccount service account name
+ -t,--trustStorePath CA TrustStore path
+ -w,--workLoadPoolName workload identity pool name
+ -z,--ztsurl ZTS Server url
+```
+
+First build the example by executing `mvn clean package` and then run
+from the current directory by replacing `` with your current working
+directory path and `` with your java home directory path.
+
+```
+java -cp /target/example-zts-gcp-creds-1.0.jar:/target/dependency/* com.yahoo.athenz.example.zts.gcp.ZTSGCPCredsDNSClient -d athenz.project1 -k /key.pem -c /cert.pem -p changeit -z https:///zts/v1 -t /jre/lib/security/cacerts -r gcp.fed.admin.user -i athenz.project1.gcp -j athenz-project1 -n 12345678 -w athenz -m athenz -f gcp.athenz.io -s gcp-service-name
 ```
 
 Copyright The Athenz Authors
diff --git a/libs/java/gcp_zts_creds/examples/gcp-zts-creds/pom.xml b/libs/java/gcp_zts_creds/examples/gcp-zts-creds/pom.xml
index 3cb8754cb58..e1760dddbaf 100644
--- a/libs/java/gcp_zts_creds/examples/gcp-zts-creds/pom.xml
+++ b/libs/java/gcp_zts_creds/examples/gcp-zts-creds/pom.xml
@@ -27,7 +27,7 @@ UTF-8 UTF-8 - 1.11.45 + 1.11.46 26.26.0
@@ -62,12 +62,12 @@ org.slf4j slf4j-api - 1.7.36 + 2.0.9 ch.qos.logback logback-classic - 1.2.11 + 1.4.11 com.google.auth
@@ -81,6 +81,10 @@ com.google.cloud google-cloud-storage + + com.google.cloud + google-cloud-dns +
@@ -88,7 +92,7 @@ org.apache.maven.plugins maven-dependency-plugin - 3.0.0 + 3.6.0 copy
@@ -105,6 +109,15 @@ + + org.apache.maven.plugins + maven-compiler-plugin + 3.11.0 + + 11 + 11 + +
diff --git a/libs/java/gcp_zts_creds/examples/gcp-zts-creds/src/main/java/com/yahoo/athenz/example/zts/gcp/ZTSGCPCredsDNSClient.java b/libs/java/gcp_zts_creds/examples/gcp-zts-creds/src/main/java/com/yahoo/athenz/example/zts/gcp/ZTSGCPCredsDNSClient.java
new file mode 100644
index 00000000000..be986598560
--- /dev/null
+++ b/libs/java/gcp_zts_creds/examples/gcp-zts-creds/src/main/java/com/yahoo/athenz/example/zts/gcp/ZTSGCPCredsDNSClient.java
@@ -0,0 +1,177 @@
+/**
+ * Copyright The Athenz Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.yahoo.athenz.example.zts.gcp;
+
+import com.google.auth.oauth2.*;
+import com.google.cloud.dns.Dns;
+import com.google.cloud.dns.DnsOptions;
+import com.google.cloud.dns.RecordSet;
+import com.oath.auth.KeyRefresherException;
+import com.yahoo.athenz.creds.gcp.GCPZTSCredentials;
+import org.apache.commons.cli.*;
+import java.io.IOException;
+import java.util.Collections;
+
+public class ZTSGCPCredsDNSClient {
+
+ public static void main(String[] args) throws KeyRefresherException, IOException, InterruptedException {
+
+ // parse our command line to retrieve required input
+
+ CommandLine cmd = parseCommandLine(args);
+
+ final String domainName = cmd.getOptionValue("domain").toLowerCase();
+ final String roleName = cmd.getOptionValue("role").toLowerCase();
+ final String ztsUrl = cmd.getOptionValue("ztsurl");
+ final String keyPath = cmd.getOptionValue("key");
+ final String certPath = cmd.getOptionValue("cert");
+ final String clientId = cmd.getOptionValue("clientid");
+ final String projectId = cmd.getOptionValue("projectId");
+ final String projectNumber = cmd.getOptionValue("projectNumber");
+ final String trustStorePath = cmd.getOptionValue("trustStorePath");
+ final String trustStorePassword = cmd.getOptionValue("trustStorePassword");
+ final String workLoadPoolName = cmd.getOptionValue("workLoadPoolName");
+ final String workLoadProviderName = cmd.getOptionValue("workLoadProviderName");
+ final String redirectUriSuffix = cmd.getOptionValue("redirectUriSuffix");
+ final String serviceAccount = cmd.getOptionValue("serviceAccount");
+
+ // create our credentials object based on the input data
+
+ GCPZTSCredentials gcpztsCredentials = new GCPZTSCredentials.Builder()
+ .setZtsUrl(ztsUrl)
+ .setProjectId(projectId)
+ .setProjectNumber(projectNumber)
+ .setWorkloadPoolName(workLoadPoolName)
+ .setWorkloadProviderName(workLoadProviderName)
+ .setServiceAccountName(serviceAccount)
+ .setCertFile(certPath)
+ .setKeyFile(keyPath)
+ .setTrustStorePath(trustStorePath)
+ .setTrustStorePassword(trustStorePassword.toCharArray())
+ .setCertRefreshTimeout(30000)
+ .setDomainName(domainName)
+ .setRoleNames(Collections.singletonList(roleName))
+ .setClientId(clientId)
+ .setRedirectUriSuffix(redirectUriSuffix)
+ .setTokenLifetimeSeconds(3600)
+ .build();
+
+ // create our Google external account credentials
+
+ ExternalAccountCredentials credentials = gcpztsCredentials.getTokenAPICredentials();
+
+ try {
+
+ // list all the zones and then iterate through all the record sets
+ // and display all DNS TXT records
+
+ Dns dns = DnsOptions.newBuilder().setCredentials(credentials).setProjectId(projectId)
+ .build().getService();
+
+ dns.listZones().iterateAll().forEach(zone -> {
+ zone.listRecordSets().iterateAll().forEach(recordSet -> {
+ System.out.println("record: " + recordSet.getName() + " type: " + recordSet.getType());
+ if (recordSet.getType().equals(RecordSet.Type.TXT)) {
+ System.out.println(recordSet.getRecords());
+ }
+ });
+ });
+ } catch (Exception ex) {
+ ex.printStackTrace();
+ }
+
+ gcpztsCredentials.close();
+ }
+
+ private static CommandLine parseCommandLine(String[] args) {
+
+ Options options = new Options();
+
+ Option domain = new Option("d", "domain", true, "domain name");
+ domain.setRequired(true);
+ options.addOption(domain);
+
+ Option role = new Option("r", "role", true, "role name");
+ role.setRequired(true);
+ options.addOption(role);
+
+ Option key = new Option("k", "key", true, "private key path");
+ key.setRequired(true);
+ options.addOption(key);
+
+ Option cert = new Option("c", "cert", true, "certificate path");
+ cert.setRequired(true);
+ options.addOption(cert);
+
+ Option trustStore = new Option("t", "trustStorePath", true, "CA TrustStore path");
+ trustStore.setRequired(true);
+ options.addOption(trustStore);
+
+ Option trustStorePassword = new Option("p", "trustStorePassword", true, "CA TrustStore password");
+ trustStorePassword.setRequired(true);
+ options.addOption(trustStorePassword);
+
+ Option ztsUrl = new Option("z", "ztsurl", true, "ZTS Server url");
+ ztsUrl.setRequired(true);
+ options.addOption(ztsUrl);
+
+ Option clientId = new Option("i", "clientid", true, "client id");
+ clientId.setRequired(true);
+ options.addOption(clientId);
+
+ Option zone = new Option("b", "zone", true, "zone name");
+ zone.setRequired(true);
+ options.addOption(zone);
+
+ Option projectId = new Option("j", "projectId", true, "project id");
+ projectId.setRequired(true);
+ options.addOption(projectId);
+
+ Option projectNumber = new Option("n", "projectNumber", true, "project id");
+ projectNumber.setRequired(true);
+ options.addOption(projectNumber);
+
+ Option workLoadPoolName = new Option("w", "workLoadPoolName", true, "workload identity pool name");
+ workLoadPoolName.setRequired(true);
+ options.addOption(workLoadPoolName);
+
+ Option workLoadProviderName = new Option("m", "workLoadProviderName", true, "workload identity provider name");
+ workLoadProviderName.setRequired(true);
+ options.addOption(workLoadProviderName);
+
+ Option redirectUriSuffix = new Option("f", "redirectUriSuffix", true, "redirect uri prefix");
+ redirectUriSuffix.setRequired(true);
+ options.addOption(redirectUriSuffix);
+
+ Option serviceAccount = new Option("s", "serviceAccount", true, "service account name");
+ serviceAccount.setRequired(true);
+ options.addOption(serviceAccount);
+
+ CommandLineParser parser = new DefaultParser();
+ HelpFormatter formatter = new HelpFormatter();
+ CommandLine cmd = null;
+
+ try {
+ cmd = parser.parse(options, args);
+ } catch (ParseException e) {
+ System.out.println(e.getMessage());
+ formatter.printHelp("zts-gcp-creds-client", options);
+ System.exit(1);
+ }
+
+ return cmd;
+ }
+}
diff --git a/libs/java/gcp_zts_creds/examples/gcp-zts-creds/src/main/java/com/yahoo/athenz/example/zts/gcp/ZTSGCPCredsClient.java b/libs/java/gcp_zts_creds/examples/gcp-zts-creds/src/main/java/com/yahoo/athenz/example/zts/gcp/ZTSGCPCredsStorageClient.java
similarity index 99%
rename from libs/java/gcp_zts_creds/examples/gcp-zts-creds/src/main/java/com/yahoo/athenz/example/zts/gcp/ZTSGCPCredsClient.java
rename to libs/java/gcp_zts_creds/examples/gcp-zts-creds/src/main/java/com/yahoo/athenz/example/zts/gcp/ZTSGCPCredsStorageClient.java
index 8ca41faa458..c985e5b4855 100644
--- a/libs/java/gcp_zts_creds/examples/gcp-zts-creds/src/main/java/com/yahoo/athenz/example/zts/gcp/ZTSGCPCredsClient.java
+++ b/libs/java/gcp_zts_creds/examples/gcp-zts-creds/src/main/java/com/yahoo/athenz/example/zts/gcp/ZTSGCPCredsStorageClient.java
@@ -26,7 +26,7 @@ import java.io.IOException;
 import java.util.Collections;
 
-public class ZTSGCPCredsClient {
+public class ZTSGCPCredsStorageClient {
 
 public static void main(String[] args) throws KeyRefresherException, IOException, InterruptedException {
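Review bot: The `-b,--zone` option declared in parseCommandLine is marked `zone.setRequired(true)` but its value is never read in main, and the README's Example 2 usage table and command line omit it, so the documented invocation will be rejected at parse time with a missing-option error. It looks like a leftover from the storage client's bucket option; either remove the three `zone` lines or relax it with `zone.setRequired(false)`. While there, the `-n,--projectNumber` option's help text reads `"project id"` and should be `"project number"`, in both the code and the README table. Separately, the trust store password is read from argv via `-p`, which is visible to other local users through the process list; for an example this is tolerable, but a comment such as `// NOTE: for non-demo use, read the trust store password from a file or environment variable rather than argv` would steer users away from copying the pattern.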