gcloud

Google Cloud Platform CLI (gcloud, gcloud storage, bq). Use when: managing GCP resources, deploying to Cloud Run/Cloud Functions/GKE/App Engine, working with Cloud Storage, BigQuery, IAM, Compute Engine, Cloud SQL, Pub/Sub, Secret Manager, Artifact Registry, Cloud Build, Cloud Scheduler, Cloud Tasks, Vertex AI, VPC/networking, DNS, logging/monitoring, or any GCP service. Also covers: authentication, project/config management, CI/CD integration, serverless deployments, container registry, docker push to GCP, managing secrets, Workload Identity Federation, and infrastructure automation.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "gcloud" with this command: npx skills add marcfargas/skills/marcfargas-skills-gcloud

gcloud — Google Cloud Platform CLI

Command-line interface for managing Google Cloud resources. Covers gcloud, gcloud storage (replaces gsutil), and bq (BigQuery).

Platform Notes (Windows + Git Bash)

  • Install: scoop install gcloud (preferred) or GoogleCloudSDKInstaller.exe
  • If installed via scoop, gcloud components install may not work — use scoop to manage
  • Config: %APPDATA%/gcloud/ (PowerShell) or ~/.config/gcloud/ (Git Bash)
  • Service account keys: store in $TEMP or project .secrets/, never commit
  • Python: gcloud requires Python; scoop install handles this automatically

⚠️ Path Translation Gotcha

Git Bash auto-translates /-prefixed args, breaking some gcloud commands:

# FIX — disable MSYS path conversion:
export MSYS_NO_PATHCONV=1

# Or per-command:
MSYS_NO_PATHCONV=1 gcloud projects add-iam-policy-binding my-project ...

⚠️ Cost: Commands that create resources (instances, clusters, databases) incur GCP charges. Always confirm project and region before creating.

Agent Safety Model

Operations classified by risk. Follow this model for all gcloud commands.

LevelGateExamples
READProceed autonomouslylist, describe, get, logs read, config list, gcloud storage ls
WRITEConfirm with user; note cost if billablecreate, deploy, update, enable, gcloud storage cp (upload)
DESTRUCTIVEAlways confirm; show what's affecteddelete, rm, gsutil rm -r, bq rm -r, rsync -d, IAM removal
EXPENSIVEConfirm + state approximate costGKE clusters ($70+/mo), SQL instances ($8-400/mo), VMs (~$5-2k/mo)
SECURITYConfirm + explain impact--allow-unauthenticated, firewall rules, IAM owner/editor grants
FORBIDDENRefuse; escalate to humangcloud iam service-accounts keys create, gcloud projects delete, passwords in CLI args

Rules:

  • Never combine --quiet with destructive operations — it suppresses the only safety gate
  • Never put passwords/secrets as command-line arguments — visible in process list & shell history
  • Always use --format=json for machine-parseable output (agents can't reliably parse tables)
  • When in doubt, treat as DESTRUCTIVE

Command Structure

gcloud [RELEASE_LEVEL] COMPONENT ENTITY OPERATION [ARGS] [FLAGS]

Key global flags: --project, --format, --filter, --limit, --quiet, --verbosity, --async

Service Reference

ServiceFileKey Commands
Auth & Configauth.mdLogin, ADC, impersonation, config profiles
IAM & Projectsiam.mdProjects, APIs, service accounts, Secret Manager
Compute & Networkingcompute.mdVMs, SSH, firewall, VPC, DNS, static IPs
Serverlessserverless.mdCloud Run, Functions, App Engine, Scheduler, Tasks
Storage & Artifactsstorage.mdgcloud storage, Artifact Registry
Datadata.mdCloud SQL, BigQuery (bq), Pub/Sub
Automation & CI/CDautomation.mdScripting, output formats, filtering, GitHub Actions, operations

Read the per-service file for full command reference.

Pre-Flight Checks

Before working with any GCP service:

# 1. Correct project?
gcloud config get-value project

# 2. Default region set?
gcloud config get-value compute/region

# 3. Required API enabled? (most APIs are disabled by default)
gcloud services list --filter="name:run.googleapis.com" --format="value(name)" | grep -q run || \
  gcloud services enable run.googleapis.com

# 4. Billing enabled?
gcloud billing projects describe $(gcloud config get-value project) --format="value(billingEnabled)"

If you hit PERMISSION_DENIED: ... API has not been enabled, enable the API mentioned in the error and retry.

Troubleshooting

ProblemDiagnosisFix
Auth failuregcloud auth listgcloud auth login or check key file
Permission deniedCheck IAM (see iam.md)Grant correct role
API not enabledError message says which APIgcloud services enable API_NAME
Quota exceededgcloud compute project-info describeRequest increase in Console
Wrong projectgcloud config get-value projectgcloud config set project X
Wrong regiongcloud config get-value compute/regionSet correct region; related resources must match
Config confusiongcloud config configurations listCheck active config, override with --project
Slow commandsLarge result setUse --filter, --limit, --format=value
# Debug mode
gcloud compute instances list --verbosity=debug

# Full environment info
gcloud info

Quick Reference

TaskCommand
Logingcloud auth login
Set projectgcloud config set project PROJECT_ID
Current projectgcloud config get-value project
Enable APIgcloud services enable API.googleapis.com
List anythinggcloud COMPONENT list --format=json
Describe anythinggcloud COMPONENT describe NAME --format=json
JSON output--format=json
Single value--format="value(field)"
Filter--filter="field=value"
Quiet ⚠️--quiet — suppresses ALL prompts including delete confirmations
Helpgcloud COMPONENT --help

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Coding

azcli

No summary provided by upstream source.

Repository SourceNeeds Review
-9
marcfargas
General

pm2

No summary provided by upstream source.

Repository SourceNeeds Review
-38
marcfargas
General

web-search

No summary provided by upstream source.

Repository SourceNeeds Review
-26
marcfargas