- NAME
-
- gcloud alpha agent-identity connectors create - create connectors
- SYNOPSIS
-
-
gcloud alpha agent-identity connectors create(CONNECTOR:--location=LOCATION) (--api-key=API_KEY|--three-legged-oauth-authorization-url=THREE_LEGGED_OAUTH_AUTHORIZATION_URL--three-legged-oauth-client-id=THREE_LEGGED_OAUTH_CLIENT_ID--three-legged-oauth-client-secret=THREE_LEGGED_OAUTH_CLIENT_SECRET--three-legged-oauth-token-url=THREE_LEGGED_OAUTH_TOKEN_URL|--two-legged-oauth-client-id=TWO_LEGGED_OAUTH_CLIENT_ID--two-legged-oauth-client-secret=TWO_LEGGED_OAUTH_CLIENT_SECRET--two-legged-oauth-token-endpoint=TWO_LEGGED_OAUTH_TOKEN_ENDPOINT) [--allowed-scopes=[ALLOWED_SCOPES,…]] [--blocked-scopes=[BLOCKED_SCOPES,…]] [--description=DESCRIPTION] [--labels=[LABELS,…]] [--request-id=REQUEST_ID] [--state=STATE] [--workload-ids=[WORKLOAD_IDS,…]] [GCLOUD_WIDE_FLAG …]
-
- DESCRIPTION
-
(ALPHA)Create a connector - EXAMPLES
-
To create the connector, run:
gcloud alpha agent-identity connectors create - POSITIONAL ARGUMENTS
-
-
Connector resource - Identifier. The full resource name of the connector.
Format: projects/{project}/locations/{location}/connectors/{connector} The
arguments in this group can be used to specify the attributes of this resource.
(NOTE) Some attributes are not given arguments in this group but can be set in
other ways.
To set the
projectattribute:-
provide the argument
connectoron the command line with a fully specified name; -
provide the argument
--projecton the command line; -
set the property
core/project.
This must be specified.
CONNECTOR-
ID of the connector or fully qualified identifier for the connector.
To set the
connectorattribute:-
provide the argument
connectoron the command line.
This positional argument must be specified if any of the other arguments in this group are specified.
-
provide the argument
--location=LOCATION-
The location id of the connector resource.
To set the
locationattribute:-
provide the argument
connectoron the command line with a fully specified name; -
provide the argument
--locationon the command line.
-
provide the argument
-
provide the argument
-
Connector resource - Identifier. The full resource name of the connector.
Format: projects/{project}/locations/{location}/connectors/{connector} The
arguments in this group can be used to specify the attributes of this resource.
(NOTE) Some attributes are not given arguments in this group but can be set in
other ways.
- REQUIRED FLAGS
-
-
Connector type specific parameters. Required when creating a connector.
This must be specified.
-
Arguments for the type.
At most one of these can be specified:
- Message describing ApiKeyParams object.
--api-key=API_KEY- The API key for this connector.
- Message describing ThreeLeggedOAuth object.
- The authorization endpoint to send users to for consenting to delegate to the agent. eg. "https://auth.atlassian.com/authorize"
--three-legged-oauth-client-id=THREE_LEGGED_OAUTH_CLIENT_ID- The client ID of the OAuth client.
--three-legged-oauth-client-secret=THREE_LEGGED_OAUTH_CLIENT_SECRET- The client secret of the OAuth client.
--three-legged-oauth-token-url=THREE_LEGGED_OAUTH_TOKEN_URL- The token endpoint for requesting tokens on behalf of an end user. eg. "https://auth.atlassian.com/oauth/token"
- Message describing TwoLeggedOAuth object.
--two-legged-oauth-client-id=TWO_LEGGED_OAUTH_CLIENT_ID- The client ID of the OAuth client.
--two-legged-oauth-client-secret=TWO_LEGGED_OAUTH_CLIENT_SECRET- The client secret of the OAuth client.
--two-legged-oauth-token-endpoint=TWO_LEGGED_OAUTH_TOKEN_ENDPOINT- The token endpoint of the OAuth client.
-
Arguments for the type.
-
Connector type specific parameters. Required when creating a connector.
- OPTIONAL FLAGS
-
--allowed-scopes=[ALLOWED_SCOPES,…]-
List of scopes that are allowed to be requested for this connector. If this list
is non-empty, only scopes within this list may be requested. If this list is
empty, all scopes may be requested. Scopes appearing in
blocked_scopesare disallowed even if they appear inallowed_scopes. The number of allowed scopes is limited to 200. --blocked-scopes=[BLOCKED_SCOPES,…]-
List of scopes that are blocked from being requested for this connector. If a
scope appears in this list, it may not be requested, even if it also appears in
allowed_scopes.blocked_scopestakes precedence overallowed_scopes. The number of blocked scopes is limited to 200. --description=DESCRIPTION- Description of the resource. Must be less than 256 characters.
--labels=[LABELS,…]-
Labels as key value pairs.
KEY-
Keys must start with a lowercase character and contain only hyphens
(
-), underscores (_), lowercase characters, and numbers. VALUE-
Values must contain only hyphens (
-), underscores (_), lowercase characters, and numbers.
Shorthand Example:--labels=string=string
JSON Example:--labels='{"string": "string"}'
File Example:--labels=path_to_file.(yaml|json)
--request-id=REQUEST_ID-
An optional request ID to identify requests. Specify a unique request ID so that
if you must retry your request, the server will know to ignore the request if it
has already been completed. The server will guarantee that for at least 60
minutes since the first request.
For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.
The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
--state=STATE-
The state of the connector.
STATEmust be one of:disabled- Disabled and cannot be used.
enabled- Enabled and can be used.
--workload-ids=[WORKLOAD_IDS,…]- Workload identity (SPIFFE ID) of the agent.
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.Run
$ gcloud helpfor details. - API REFERENCE
-
This command uses the
iamconnectors/v1alphaAPI. The full documentation for this API can be found at: https://cloud.google.com/iam/docs/ - NOTES
- This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist.
gcloud alpha agent-identity connectors create
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-03-24 UTC.