Google Cloud SDK (gcloud CLI)

Installation options

gcloud CLI

gcloud init – initialize or reinitialize gcloud


gcloud init

gcloud auth – manage credentials 

gcloud auth login – authorize gcloud to access Google Cloud Platform with Google user credentials

gcloud auth list – lists credentialed accounts

$ gcloud auth list
       Credentialed Accounts

To set the active account, run:
    $ gcloud config set account `ACCOUNT`

gcloud auth activate-service-account – authorize access to Google Cloud Platform with a service account


$ gcloud auth activate-service-account --key-file=/path/to/key-file.json
Activated service account credentials for: []

$ gcloud auth list
       Credentialed Accounts


gcloud config – view and edit Cloud SDK properties

gcloud config list – list Cloud SDK properties for the currently active configuration

$ gcloud config list
account =
disable_usage_reporting = True
project = my-project

Your active configuration is: [my-account-my-project]

List all set and unset properties that match the arguments.

$ gcloud config list --all


gcloud components update


gcloud cheat-sheet – display gcloud cheat sheet

  Getting started
    Get going with the gcloud command-line tool

      ▪ gcloud init: Initialize, authorize, and configure the gcloud tool.
      ▪ gcloud version: Display version and installed components.
      ▪ gcloud components install: Install specific components.
      ▪ gcloud components update: Update your Cloud SDK to the latest
      ▪ gcloud config set project: Set a default Google Cloud project to work
      ▪ gcloud info: Display current gcloud tool environment details.

    Cloud SDK is happy to help

      ▪ gcloud help: Search the gcloud tool reference documents for specific
      ▪ gcloud feedback: Provide feedback for the Cloud SDK team.
      ▪ gcloud topic: Supplementary help material for non-command topics like
        accessibility, filtering, and formatting.

    Make the Cloud SDK your own; personalize your configuration with properties

      ▪ gcloud config set: Define a property (like compute/zone) for the
        current configuration.
      ▪ gcloud config get-value: Fetch value of a Cloud SDK property.
      ▪ gcloud config list: Display all the properties for the current
      ▪ gcloud config configurations create: Create a new named
      ▪ gcloud config configurations list: Display a list of all available
      ▪ gcloud config configurations activate: Switch to an existing named

    Grant and revoke authorization to Cloud SDK

      ▪ gcloud auth login: Authorize Google Cloud access for the gcloud tool
        with Google user credentials and set current account as active.
      ▪ gcloud auth activate-service-account: Like gcloud auth login but with
        service account credentials.
      ▪ gcloud auth list: List all credentialed accounts.
      ▪ gcloud auth print-access-token: Display the current account's access
      ▪ gcloud auth revoke: Remove access credentials for an account.

    Manage project access policies

      ▪ gcloud projects describe: Display metadata for a project (including
        its ID).
      ▪ gcloud projects add-iam-policy-binding: Add an IAM policy binding to
        a specified project.

  Identity & Access Management
    Configuring Cloud Identity & Access Management (IAM) preferences and
    service accounts

      ▪ gcloud iam list-grantable-roles: List IAM grantable roles for a
      ▪ gcloud iam roles create: Create a custom role for a project or org.
      ▪ gcloud iam service-accounts create: Create a service account for a
      ▪ gcloud iam service-accounts add-iam-policy-binding: Add an IAM policy
        binding to a service account.
      ▪ gcloud iam service-accounts set-iam-policy: Replace existing IAM
        policy binding.
      ▪ gcloud iam service-accounts keys list: List a service account's keys.

  Docker & Google Kubernetes Engine (GKE)
    Manage containerized applications on Kubernetes

      ▪ gcloud auth configure-docker: Register the gcloud tool as a Docker
        credential helper.
      ▪ gcloud container clusters create: Create a cluster to run GKE
      ▪ gcloud container clusters list: List clusters for running GKE
      ▪ gcloud container clusters get-credentials: Update kubeconfig to get
        kubectl to use a GKE cluster.
      ▪ gcloud container images list-tags: List tag and digest metadata for a
        container image.

  Virtual Machines & Compute Engine
    Create, run, and manage VMs on Google infrastructure

      ▪ gcloud compute zones list: List Compute Engine zones.
      ▪ gcloud compute instances describe: Display a VM instance's details.
      ▪ gcloud compute instances list: List all VM instances in a project.
      ▪ gcloud compute disks snapshot: Create snapshot of persistent disks.
      ▪ gcloud compute snapshots describe: Display a snapshot's details.
      ▪ gcloud compute snapshots delete: Delete a snapshot.
      ▪ gcloud compute ssh: Connect to a VM instance by using SSH.

  Serverless & App Engine
    Build highly scalable applications on a fully managed serverless platform

      ▪ gcloud app deploy: Deploy your app's code and configuration to the
        App Engine server.
      ▪ gcloud app versions list: List all versions of all services deployed
        to the App Engine server.
      ▪ gcloud app browse: Open the current app in a web browser.
      ▪ gcloud app create: Create an App Engine app within your current
      ▪ gcloud app logs read: Display the latest App Engine app logs.

    Commands that might come in handy

      ▪ gcloud kms decrypt: Decrypt ciphertext (to a plaintext file) using a
        Cloud Key Management Service (Cloud KMS) key.
      ▪ gcloud logging logs list: List your project's logs.
      ▪ gcloud sql backups describe: Display info about a Cloud SQL instance
      ▪ gcloud sql export sql: Export data from a Cloud SQL instance to a SQL

    To view this cheat sheet, run:

        $ gcloud cheat-sheet

    These flags are available to all commands: --account, --billing-project,
    --configuration, --flags-file, --flatten, --format, --help,
    --impersonate-service-account, --log-http, --project, --quiet,
    --trace-token, --user-output-enabled, --verbosity.

Creating Service Account

  • Create Credentials
    • Select “Service Account” and create a service account

And add key to Service Account

$ gcloud auth activate-service-account --key-file=/path/to/key-file.json
Activated service account credentials for: []

$ gcloud auth list
       Credentialed Accounts

Leave a Comment

Your email address will not be published. Required fields are marked *