diff --git a/command/ca/provisioner/add.go b/command/ca/provisioner/add.go
index c8c0f2070..7af2eba0f 100644
--- a/command/ca/provisioner/add.go
+++ b/command/ca/provisioner/add.go
@@ -100,6 +100,7 @@ IID (AWS/GCP/Azure)
 [**--azure-audience**=<name>] [**--azure-subscription-id**=<id>]
 [**--azure-object-id**=<id>] [**--instance-age**=<duration>] [**--iid-roots**=<file>]
 [**--disable-custom-sans**] [**--disable-trust-on-first-use**]
+[**--disable-ssh-ca-user**] [**--disable-ssh-ca-host**]
 [**--admin-cert**=<file>] [**--admin-key**=<file>]
 [**--admin-subject**=<subject>] [**--admin-provisioner**=<name>] [**--admin-password-file**=<file>]
 [**--ca-url**=<uri>] [**--root**=<file>] [**--context**=<name>] [**--ca-config**=<file>]
@@ -790,6 +791,20 @@ func createGCPDetails(ctx *cli.Context) (*linkedca.ProvisionerDetails, error) {
 		return nil, err
 	}
 
+	var (
+		disableSSHCAUser *bool
+		disableSSHCAHost *bool
+	)
+
+	if ctx.IsSet("disable-ssh-ca-user") {
+		boolVal := ctx.Bool("disable-ssh-ca-user")
+		disableSSHCAUser = &boolVal
+	}
+	if ctx.IsSet("disable-ssh-ca-host") {
+		boolVal := ctx.Bool("disable-ssh-ca-host")
+		disableSSHCAHost = &boolVal
+	}
+
 	return &linkedca.ProvisionerDetails{
 		Data: &linkedca.ProvisionerDetails_GCP{
 			GCP: &linkedca.GCPProvisioner{
@@ -797,6 +812,8 @@ func createGCPDetails(ctx *cli.Context) (*linkedca.ProvisionerDetails, error) {
 				ProjectIds:             ctx.StringSlice("gcp-project"),
 				DisableCustomSans:      ctx.Bool("disable-custom-sans"),
 				DisableTrustOnFirstUse: ctx.Bool("disable-trust-on-first-use"),
+				DisableSshCaUser:       disableSSHCAUser,
+				DisableSshCaHost:       disableSSHCAHost,
 				InstanceAge:            d,
 			},
 		},
diff --git a/command/ca/provisioner/update.go b/command/ca/provisioner/update.go
index fa64543fa..912d69d1e 100644
--- a/command/ca/provisioner/update.go
+++ b/command/ca/provisioner/update.go
@@ -92,6 +92,7 @@ IID (AWS/GCP/Azure)
 [**--azure-audience**=<name>] [**--azure-subscription-id**=<id>]
 [**--azure-object-id**=<id>] [**--instance-age**=<duration>]
 [**--disable-custom-sans**] [**--disable-trust-on-first-use**]
+[**--disable-ssh-ca-user**] [**--disable-ssh-ca-host**]
 [**--admin-cert**=<file>] [**--admin-key**=<file>]
 [**--admin-subject**=<subject>] [**--admin-provisioner**=<name>] [**--admin-password-file**=<file>]
 [**--ca-url**=<uri>] [**--root**=<file>] [**--context**=<name>] [**--ca-config**=<file>]
@@ -914,6 +915,14 @@ func updateGCPDetails(ctx *cli.Context, p *linkedca.Provisioner) error {
 	if ctx.IsSet("disable-trust-on-first-use") {
 		details.DisableTrustOnFirstUse = ctx.Bool("disable-trust-on-first-use")
 	}
+	if ctx.IsSet("disable-ssh-ca-user") {
+		boolVal := ctx.Bool("disable-ssh-ca-user")
+		details.DisableSshCaUser = &boolVal
+	}
+	if ctx.IsSet("disable-ssh-ca-host") {
+		boolVal := ctx.Bool("disable-ssh-ca-host")
+		details.DisableSshCaHost = &boolVal
+	}
 	if ctx.IsSet("remove-gcp-service-account") {
 		details.ServiceAccounts = removeElements(details.ServiceAccounts, ctx.StringSlice("remove-gcp-service-account"))
 	}