Google Cloud Storage MCP
OfficialGoogle's gcloud-mcp Storage server for managing GCS buckets and objects via natural language.
Add to your client
Copy the config for your MCP client and paste it into its config file.
npx -y @google-cloud/storage-mcpPaste into ~/Library/Application Support/Claude/claude_desktop_config.json
{
"mcpServers": {
"google-cloud-storage-mcp": {
"command": "npx",
"args": [
"-y",
"@google-cloud/storage-mcp"
]
}
}
}Step-by-step guides: Add to Claude Desktop · Add to Cursor · Add to Windsurf
Before you start
- Node.js 20 or higher
- The gcloud CLI installed and authenticated — run `gcloud auth application-default login` (or authorize gcloud as a service account) so Application Default Credentials are available
- A Google Cloud project with the Cloud Storage API enabled; set GOOGLE_CLOUD_PROJECT (or GCP_PROJECT_ID)
- IAM permissions on the target buckets/objects — the MCP inherits exactly the permissions of the authenticated identity
About Google Cloud Storage MCP
Google Cloud Storage MCP is the Storage package of Google's gcloud-mcp project. It lets AI assistants manage GCS buckets and objects through natural language — listing and creating buckets, reading and writing objects, inspecting metadata, and checking IAM. It is published to npm as @google-cloud/storage-mcp and runs locally over stdio via npx.
The server is split into safe tools (enabled by default — listing, reading, metadata, IAM inspection, and create-if-new operations) and destructive tools (disabled unless you pass --enable-destructive-tools, covering deletes, overwrites, moves, label/metadata updates, and downloads). This makes it safe to attach to an agent out of the box while still allowing full read/write workflows when you opt in.
It also integrates with Storage Insights: tools like execute_insights_query and list_insights_configs let an agent run analytics over your storage estate via Insights datasets. Notably, the MCP's effective permissions are exactly those of the authenticated gcloud user or service account.
This repository is in preview, may see breaking changes, and is provided as a solution rather than an officially supported Google product.
Tools & capabilities (14)
list_bucketsList the GCS buckets in the project.
create_bucketCreate a new bucket.
get_bucket_metadataRead a bucket's metadata and configuration.
get_bucket_locationGet a bucket's location/region.
view_iam_policyView the IAM policy on a bucket.
check_iam_permissionsCheck which IAM permissions the caller has on a resource.
list_objectsList objects in a bucket.
read_object_metadataRead an object's metadata.
read_object_contentRead the contents of an object.
write_object_newWrite a new object (non-destructive; fails if it exists).
copy_object_newCopy to a new object without overwriting.
execute_insights_queryRun a Storage Insights query over a metadata dataset.
delete_objectDelete an object (destructive; requires --enable-destructive-tools).
delete_bucketDelete a bucket (destructive; requires --enable-destructive-tools).
When to use it
- Use it when you want an agent to browse and manage GCS buckets and objects in plain language instead of writing gcloud/gsutil commands.
- Use it when you need to read object contents or metadata to feed into an LLM workflow.
- Use it when you want safe-by-default storage access where deletes and overwrites are opt-in.
- Use it when you need storage analytics — querying Storage Insights datasets to understand object counts, sizes, and metadata at scale.
- Use it when you want to audit access by viewing IAM policies or checking effective permissions on buckets.
- Use it when you're building automation in Gemini CLI, Claude, Cursor, or another MCP client against GCS.
Quick setup
- 1Install Node.js 20+ and the gcloud CLI.
- 2Authenticate: run `gcloud auth application-default login` and set GOOGLE_CLOUD_PROJECT.
- 3For Gemini CLI, run `npx @google-cloud/storage-mcp init --agent=gemini-cli` (add `--enable-destructive-tools` to allow deletes/overwrites).
- 4For other clients, add a server entry with command `npx` and args `-y @google-cloud/storage-mcp`.
- 5Restart the client and verify (e.g. `gemini mcp list`), then try `list_buckets`.
Security notes
Permissions are tied directly to your active gcloud account's IAM roles via Application Default Credentials, so authenticate with a least-privilege account. Write/delete tools can mutate or remove objects in your buckets.
Google Cloud Storage MCP FAQ
How does authentication work?
It uses gcloud Application Default Credentials. Run `gcloud auth application-default login` (or authorize gcloud as a service account); the MCP acts with exactly that identity's IAM permissions.
Why can't the agent delete or overwrite objects?
Destructive tools (delete, overwrite, move, metadata/label updates, download) are disabled by default. Pass `--enable-destructive-tools` during init or in the server args to enable them.
Is this an official Google product?
It is published by Google (googleapis) as part of gcloud-mcp, but the repository is in preview, may have breaking changes, and is described as a solution rather than an officially supported product.
What are the Insights tools for?
`execute_insights_query` and `list_insights_configs` let the agent query Storage Insights datasets for storage analytics — object inventories and metadata across your buckets — using a queryable metadata table schema.
Which Node version do I need?
Node.js 20 or higher. The server is run via `npx @google-cloud/storage-mcp` over stdio.
Alternatives to Google Cloud Storage MCP
Compare all alternatives →
Official MCP reference server for secure local filesystem read/write within allowed directories.
Official MCP server for reading, searching, and manipulating a local Git repository's files and history.
Official AWS Labs MCP server to manage and query S3 Tables (table buckets, namespaces, tables).
Compare Google Cloud Storage MCP with: