# Google Cloud Storage > Read, write, and manage GCS buckets and objects from an AI agent — official Google MCP, local or remote. [Canonical HTML page](https://top-mcps.com/mcp/google-cloud-storage) · [server.json](https://top-mcps.com/mcp/google-cloud-storage.json) · [methodology](https://top-mcps.com/about/methodology) ## Install ### Claude Desktop — `claude_desktop_config.json` Paste under mcpServers. Fully quit and reopen Claude after editing. ```json { "mcpServers": { "google-cloud-storage": { "command": "npx", "args": [ "-y", "@google-cloud/storage-mcp" ] } } } ``` ### Claude Code — `CLI or .mcp.json` Run from your repo. Commit .mcp.json to share with your team. ```shell claude mcp add google-cloud-storage -- npx -y @google-cloud/storage-mcp ``` ### Cursor — `.cursor/mcp.json` Global path: ~/.cursor/mcp.json. Reload window after editing. ```json { "mcpServers": { "google-cloud-storage": { "command": "npx", "args": [ "-y", "@google-cloud/storage-mcp" ] } } } ``` ### VS Code — `.vscode/mcp.json` VS Code uses the "servers" key (not "mcpServers"). ```jsonc { "servers": { "google-cloud-storage": { "command": "npx", "args": [ "-y", "@google-cloud/storage-mcp" ] } } } ``` ### Windsurf — `~/.codeium/windsurf/mcp_config.json` Open via Cascade → hammer icon → Configure. ```json { "mcpServers": { "google-cloud-storage": { "command": "npx", "args": [ "-y", "@google-cloud/storage-mcp" ] } } } ``` ### Cline — `cline_mcp_settings.json` Open via the Cline sidebar → MCP Servers → Edit. ```json { "mcpServers": { "google-cloud-storage": { "command": "npx", "args": [ "-y", "@google-cloud/storage-mcp" ] } } } ``` ### Continue — `~/.continue/config.json` Continue uses modelContextProtocolServers with a transport block. ```json { "experimental": { "modelContextProtocolServers": [ { "transport": { "type": "stdio", "command": "npx", "args": [ "-y", "@google-cloud/storage-mcp" ] } } ] } } ``` ### Codex CLI — `~/.codex/config.toml` Codex uses TOML. Each server is a [mcp_servers.] subtable. ```shell # ~/.codex/config.toml [mcp_servers.google-cloud-storage] command = "npx" args = [ "-y", "@google-cloud/storage-mcp", ] ``` ### Zed — `~/.config/zed/settings.json` Zed calls them "context_servers". Settings live-reload on save. ```jsonc { "context_servers": { "google-cloud-storage": { "command": { "path": "npx", "args": [ "-y", "@google-cloud/storage-mcp" ] } } } } ``` ### ChatGPT — `ChatGPT → Settings → Connectors (remote URL)` Paste this into Settings → Connectors → Add custom connector. Requires ChatGPT Pro / Team / Enterprise / Edu with Developer mode enabled. ChatGPT supports remote HTTPS MCP servers only — stdio servers must be hosted on a public HTTPS endpoint first. ```json { "name": "Google Cloud Storage", "transport": "http", "url": "https://storage.googleapis.com/storage/mcp" } ``` ## At a glance - **Maintainer:** Google - **Transport:** stdio, Streamable HTTP - **Auth model:** OAuth 2.1 - **Required secrets:** None - **Supported clients:** Claude, Cursor, VS Code, Gemini CLI, Gemini Code Assist, Any MCP-compatible client - **License:** Apache-2.0 - **Language:** TypeScript - **Latest version:** 0.6.0 - **Last verified:** 2026-06-15 - **GitHub stars:** 843 (fetched 2026-06-22T06:16:39.900Z) - **Score:** 86/100 (rubric 2026-04 — see https://top-mcps.com/about/methodology) - **Source:** https://github.com/googleapis/gcloud-mcp/tree/main/packages/storage-mcp ## Security & scope - **Access scope:** read-write - **Sandbox:** Authenticates with Google Cloud IAM — the agent can only act on buckets and objects the calling identity has permission for. Every call to the remote MCP lands in Cloud Audit Logs. Destructive tools are an opt-in tier. - **Gotchas:** - The destructive tier (delete, overwrite, modify metadata) runs without a confirmation step once enabled — scope the IAM identity to least privilege or leave destructive tools off. - The local package is labelled as in preview at 0.6.0; production agents should prefer the managed remote endpoint. ## Quick answer **What it does.** Exposes Google Cloud Storage operations as MCP tools — list/create buckets, read/write/delete objects, fetch object and bucket metadata, run Storage Insights BigQuery queries — with a split between safe (read + create) and destructive (delete + overwrite) tools so the destructive tier can be turned off. **Best for:** - Reading GCS objects as agent context - Writing generated artifacts to a bucket - Bucket and object metadata audits - Storage Insights cost/lifecycle reports - Teams already on Google Cloud IAM **Not for:** - Non-GCS object stores (S3, R2, Azure Blob) - Unattended destructive operations on production buckets - Workloads where IAM-based auth is heavier than an API key ## Recipes ### Audit objects written in the last 24 hours ``` Using the GCS MCP, list every object created in `gs://my-prod-bucket` in the last 24 hours. Return object name, size, content type, and the service account that wrote it. ``` _Tested with: Claude Desktop, Cursor, Gemini CLI_ ## Description The official Google Cloud Storage MCP server lets an AI agent list buckets, read and write objects, fetch metadata, and run Storage Insights BigQuery queries against GCS. Google ships both a local stdio server (npm `@google-cloud/storage-mcp`, Apache-2.0) and a fully-managed remote endpoint at `storage.googleapis.com/storage/mcp` that authenticates with IAM. The remote server was announced on 2026-06-03 on the Google Cloud blog. ## Why it matters GCS is the default object store for any team running on Google Cloud. Until now an agent reasoning over GCS-hosted unstructured data had to drop into the `gsutil` CLI or write its own glue; the official MCP closes the loop with first-party IAM enforcement and Audit Logs visibility. ## Key features - Official Google maintenance (googleapis/gcloud-mcp) - Local stdio server via `npx @google-cloud/storage-mcp` - Fully-managed remote endpoint at `storage.googleapis.com/storage/mcp` - IAM-based auth (OAuth 2.0) with Cloud Audit Logs - Safe vs. destructive tool split — destructive tier opt-in ## FAQ ### Local server or remote? Both are official. The local stdio server (`npx @google-cloud/storage-mcp`) is best for personal automation and Gemini CLI; the remote endpoint at `storage.googleapis.com/storage/mcp` is fully managed by Google with IAM-based auth and is the right choice for production agents. The remote server is the one announced on 2026-06-03. ### How does authentication work? The remote MCP uses OAuth 2.0 tied to IAM, so the agent inherits the caller's GCS permissions and every action lands in Cloud Audit Logs. The local server uses Application Default Credentials — typically a `gcloud auth application-default login` session or a service-account key, with the same IAM enforcement. ### Can it delete buckets or overwrite objects? Yes, but the destructive tools (delete bucket, delete object, overwrite object, modify metadata) are an opt-in tier. The safe tools (list buckets, read objects, create new buckets and objects, run Storage Insights queries) are on by default. ### Is it ready for production? The remote server is generally available; the local package is at version 0.6.0 and labelled as in preview in the README. Treat the local install as preview-grade and the remote endpoint as production-grade until the local package crosses 1.0. ## Changelog - **2026-06-15** — Refreshed install snippets and fact sheet; verified for 2026. - **2026-06-03** — Initial directory listing.