gcloud

Original：🇺🇸 English

Translated

Google Cloud Platform CLI (gcloud, gcloud storage, bq). Use when: managing GCP resources, deploying to Cloud Run/Cloud Functions/GKE/App Engine, working with Cloud Storage, BigQuery, IAM, Compute Engine, Cloud SQL, Pub/Sub, Secret Manager, Artifact Registry, Cloud Build, Cloud Scheduler, Cloud Tasks, Vertex AI, VPC/networking, DNS, logging/monitoring, or any GCP service. Also covers: authentication, project/config management, CI/CD integration, serverless deployments, container registry, docker push to GCP, managing secrets, Workload Identity Federation, and infrastructure automation.

2installs

Sourcemarcfargas/skills

Added on2026-02-15

NPX Install

npx skill4agent add marcfargas/skills gcloud

SKILL.md Content

View Translation Comparison →

gcloud — Google Cloud Platform CLI

Command-line interface for managing Google Cloud resources. Covers

gcloud

,

gcloud storage

(replaces

gsutil

), and

bq

(BigQuery).

Platform Notes (Windows + Git Bash)

Install:

scoop install gcloud

(preferred) or

GoogleCloudSDKInstaller.exe

If installed via scoop,
```
gcloud components install
```
may not work — use scoop to manage
Config:
```
%APPDATA%/gcloud/
```
(PowerShell) or
```
~/.config/gcloud/
```
(Git Bash)
Service account keys: store in
```
$TEMP
```
or project
```
.secrets/
```
, never commit
Python: gcloud requires Python; scoop install handles this automatically

⚠️ Path Translation Gotcha

Git Bash auto-translates

-prefixed args, breaking some gcloud commands:

bash

# FIX — disable MSYS path conversion:
export MSYS_NO_PATHCONV=1

# Or per-command:
MSYS_NO_PATHCONV=1 gcloud projects add-iam-policy-binding my-project ...

⚠️ Cost: Commands that create resources (instances, clusters, databases) incur GCP charges. Always confirm project and region before creating.

Agent Safety Model

Operations classified by risk. Follow this model for all gcloud commands.

Level	Gate	Examples
READ	Proceed autonomously	`list` , `describe` , `get` , `logs read` , `config list` , `gcloud storage ls`
WRITE	Confirm with user; note cost if billable	`create` , `deploy` , `update` , `enable` , `gcloud storage cp` (upload)
DESTRUCTIVE	Always confirm; show what's affected	`delete` , `rm` , `gsutil rm -r` , `bq rm -r` , `rsync -d` , IAM removal
EXPENSIVE	Confirm + state approximate cost	GKE clusters (~~$70+/mo), SQL instances (~~$8-400/mo), VMs (~$5-2k/mo)
SECURITY	Confirm + explain impact	`--allow-unauthenticated` , firewall rules, IAM owner/editor grants
FORBIDDEN	Refuse; escalate to human	`gcloud iam service-accounts keys create` , `gcloud projects delete` , passwords in CLI args

Rules:

Never combine
--quiet
with destructive operations — it suppresses the only safety gate
Never put passwords/secrets as command-line arguments — visible in process list & shell history
Always use
--format=json
for machine-parseable output (agents can't reliably parse tables)
When in doubt, treat as DESTRUCTIVE

Command Structure

text

gcloud [RELEASE_LEVEL] COMPONENT ENTITY OPERATION [ARGS] [FLAGS]

Key global flags:

--project

,

--format

,

--filter

,

--limit

,

--quiet

,

--verbosity

,

--async

Service Reference

Service	File	Key Commands
Auth & Config	auth.md	Login, ADC, impersonation, config profiles
IAM & Projects	iam.md	Projects, APIs, service accounts, Secret Manager
Compute & Networking	compute.md	VMs, SSH, firewall, VPC, DNS, static IPs
Serverless	serverless.md	Cloud Run, Functions, App Engine, Scheduler, Tasks
Storage & Artifacts	storage.md	gcloud storage, Artifact Registry
Data	data.md	Cloud SQL, BigQuery (bq), Pub/Sub
Automation & CI/CD	automation.md	Scripting, output formats, filtering, GitHub Actions, operations

Read the per-service file for full command reference.

Pre-Flight Checks

Before working with any GCP service:

bash

# 1. Correct project?
gcloud config get-value project

# 2. Default region set?
gcloud config get-value compute/region

# 3. Required API enabled? (most APIs are disabled by default)
gcloud services list --filter="name:run.googleapis.com" --format="value(name)" | grep -q run || \
  gcloud services enable run.googleapis.com

# 4. Billing enabled?
gcloud billing projects describe $(gcloud config get-value project) --format="value(billingEnabled)"

If you hit
PERMISSION_DENIED: ... API has not been enabled
, enable the API mentioned in the error and retry.

Troubleshooting

Problem	Diagnosis	Fix
Auth failure	`gcloud auth list`	`gcloud auth login` or check key file
Permission denied	Check IAM (see iam.md)	Grant correct role
API not enabled	Error message says which API	`gcloud services enable API_NAME`
Quota exceeded	`gcloud compute project-info describe`	Request increase in Console
Wrong project	`gcloud config get-value project`	`gcloud config set project X`
Wrong region	`gcloud config get-value compute/region`	Set correct region; related resources must match
Config confusion	`gcloud config configurations list`	Check active config, override with `--project`
Slow commands	Large result set	Use `--filter` , `--limit` , `--format=value`

bash

# Debug mode
gcloud compute instances list --verbosity=debug

# Full environment info
gcloud info

Quick Reference

Task	Command
Login	`gcloud auth login`
Set project	`gcloud config set project PROJECT_ID`
Current project	`gcloud config get-value project`
Enable API	`gcloud services enable API.googleapis.com`
List anything	`gcloud COMPONENT list --format=json`
Describe anything	`gcloud COMPONENT describe NAME --format=json`
JSON output	`--format=json`
Single value	`--format="value(field)"`
Filter	`--filter="field=value"`
Quiet ⚠️	`--quiet` — suppresses ALL prompts including delete confirmations
Help	`gcloud COMPONENT --help`

gcloud

NPX Install

Tags

SKILL.md Content

gcloud — Google Cloud Platform CLI

Platform Notes (Windows + Git Bash)

⚠️ Path Translation Gotcha

Agent Safety Model

Command Structure

Service Reference

Pre-Flight Checks

Troubleshooting

Quick Reference