Use the Cloud Storage MCP server

Model Context Protocol (MCP) standardizes the way large language models (LLMs) and AI applications or agents connect to outside data sources. MCP servers let you use their tools, resources, and prompts to take actions and get updated data from their backend service.

Local MCP servers typically run on your local machine and use the standard input and output streams (stdio) for communication between services on the same device. While local MCP servers often communicate with local services, they can also be used to call services or data sources that are not running on the local machine. For example, a local MCP server running on an agent's machine or virtual machine can call Cloud Storage APIs.

You might use the Cloud Storage local MCP server for the following reasons:

• You need to build a custom tool.
• You don't have permissions to enable or use the MCP server in your project.

For more information about how to use our local MCP server, visit this GitHub repository.

Remote MCP servers run on the service's infrastructure and offer an HTTP endpoint to AI applications for communication between the AI MCP client and the MCP server. The Cloud Storage MCP server is a remote MCP server with an HTTP endpoint. For more information about MCP architecture, see MCP architecture.

This document describes how to use the Cloud Storage MCP server to connect to Cloud Storage from AI applications such as Gemini CLI, agent mode in Gemini Code Assist, Claude Code, or in AI applications that you're developing.

With the Cloud Storage MCP server, you can use AI applications and agents to perform the following tasks:

• Create buckets.
• Retrieve object metadata.
• Read and write object data.
• List buckets and objects.

Google and Google Cloud remote MCP servers

• Simplified, centralized discovery
• Managed global or regional HTTP endpoints
• Fine-grained authorization
• Optional prompt and response security with Model Armor protection
• Centralized audit logging

For information about other MCP servers and information about security and governance controls available for Google Cloud MCP servers, see Google Cloud MCP servers overview.

Limitations

The Cloud Storage MCP server has the following limitations:

• File types: Read operations for content analysis are restricted to text, PDF, and image files; write operations are restricted to text files.

• File size: Maximum of 8 MiB for read and write operations.

• Endpoint: Global endpoint only.

For detailed information on quotas and limits that apply to the Cloud Storage MCP server, see Quotas and limits.

Before you begin

Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.

In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

Roles required to select or create a project

• Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
• Create a project: To create a project, you need the Project Creator role (roles/resourcemanager.projectCreator), which contains the resourcemanager.projects.create permission. Learn how to grant roles.

Go to project selector

If you're using an existing project for this guide, verify that you have the permissions required to complete this guide. If you created a new project, then you already have the required permissions.

Install the Google Cloud CLI.

If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

To initialize the gcloud CLI, run the following command:

gcloud init

In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

Roles required to select or create a project

• Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
• Create a project: To create a project, you need the Project Creator role (roles/resourcemanager.projectCreator), which contains the resourcemanager.projects.create permission. Learn how to grant roles.

Go to project selector

If you're using an existing project for this guide, verify that you have the permissions required to complete this guide. If you created a new project, then you already have the required permissions.

Install the Google Cloud CLI.

If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

To initialize the gcloud CLI, run the following command:

gcloud init

Required roles

To get the permissions that you need to use the Cloud Storage MCP server, ask your administrator to grant you the following IAM roles on the project where you want to use the Cloud Storage MCP server:

• Make MCP tool calls: MCP Tool User (roles/mcp.toolUser)
• List objects, read objects and their contents, or get an object's metadata: Storage Object Viewer (roles/storage.objectViewer)
• Write content to an object: Storage Object Creator (roles/storage.objectCreator)
• Create buckets and list buckets: Storage Admin (roles/storage.admin)

For more information about granting roles, see Manage access to projects, folders, and organizations.

These predefined roles contain the permissions required to use the Cloud Storage MCP server. To see the exact permissions that are required, expand the Required permissions section:

You might also be able to get these permissions with custom roles or other predefined roles.

Authentication and authorization

The Cloud Storage remote MCP server uses the OAuth 2.0 protocol with Identity and Access Management (IAM) for authentication and authorization. All Google Cloud identities are supported for authentication to MCP servers.

The Cloud Storage MCP server doesn't accept API keys for authentication because all requests require Identity and Access Management (IAM) authorization.

We recommend that you create a separate identity for agents that are using MCP tools so that access to resources can be controlled and monitored. For more information about authentication, see Authenticate to MCP servers.

Cloud Storage MCP OAuth scopes

OAuth 2.0 uses scopes and credentials to determine if an authenticated principal is authorized to take a specific action on a resource. For more information about OAuth 2.0 scopes at Google, read Using OAuth 2.0 to access Google APIs.

Cloud Storage has the following MCP tool OAuth scopes:

Additional scopes might be required on the resources accessed during a tool call. To view a list of scopes required for Cloud Storage, see Cloud Storage API. If your agent interacts with other Google Cloud services as part of its workflow, such as BigQuery or Storage Insights, it requires the appropriate OAuth scopes for those services in addition to the Cloud Storage scopes.

Configure an MCP client to use the Cloud Storage MCP server

AI applications and agents, such as Claude or Gemini CLI, can instantiate an MCP client that connects to a single MCP server. An AI application can have multiple clients that connect to different MCP servers. To connect to a remote MCP server, the MCP client must know the remote MCP server's URL.

In your AI application, look for a way to connect to a remote MCP server. You are prompted to enter details about the server, such as its name and URL.

For the Cloud Storage MCP server, enter the following as required:

• Server name: Cloud Storage MCP server
• Server URL or Endpoint: https://storage.googleapis.com/mcp
• Transport: HTTP
• Authentication details: Depending on how you want to authenticate, you can enter your Google Cloud credentials, your OAuth Client ID and secret, or an agent identity and credentials. For more information about authentication, see Authenticate to MCP servers.
• OAuth scope: One of the scopes listed in this document that you want to use when connecting to the Cloud Storage MCP server.

For host-specific guidance about setting up and connecting to MCP server, see the following:

• Claude.ai
• Gemini CLI
• ChatGPT
• Visual Studio Code

For more general guidance, see the following resources:

• Connect to remote MCP servers.
• Configure MCP in an AI application.

Available tools

To view details of available MCP tools and their descriptions for the Cloud Storage MCP server, see the Cloud Storage MCP reference. For schemas and examples, see the Cloud Storage MCP GitHub repository.

List tools

Use the MCP inspector to list tools, or send a tools/list HTTP request directly to the Cloud Storage MCP server. The tools/list method doesn't require authentication.

POST /mcp HTTP/1.1
Host: storage.googleapis.com
Content-Type: application/json

{
  "jsonrpc": "2.0",
  "method": "tools/list"
}

Call a tool

To call a specific tool, use the tools/call method and provide the tool name and necessary arguments in the params object. The following example shows how to call the list_buckets tool for the project my-project:

POST /mcp HTTP/1.1
Host: storage.googleapis.com
Content-Type: application/json
Authorization: Bearer OAUTH2_TOKEN

{
  "jsonrpc": "2.0",
  "method": "tools/call",
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "params": {
    "name": "list_buckets",
    "arguments": {
      "projectId": "my-project"
    }
  }
}

Example use cases

The following are example use cases for the Cloud Storage MCP server.

Manage retail content and campaigns

A sample use case for the Cloud Storage MCP server is to assist a retailer's marketing agent to create and manage product listings and promotional campaigns. The Cloud Storage MCP server lets you list, read, and write objects, and create buckets for storing product and campaign assets by using natural language.

Sample prompt:

"Create a product listing for SKU-123 using assets from the product-images bucket, then create a new bucket called campaign-q3-assets and generate and save banner images into it."

Workflow: The workflow for creating product listings and campaigns might look like the following:

• List assets: The agent uses list_objects to find all images for the new product in a dedicated Cloud Storage bucket.
• Fetch content: The agent uses read_object to access product assets (up to 8 MiB in size), and also fetches product descriptions from a product information management (PIM) system using another tool.
• Generate listing: The agent generates a draft of the product listing, including marketing copy and links to the images and videos.
• Create campaign bucket: The agent uses create_bucket to create a new bucket for campaign assets.
• Save campaign assets: The agent generates campaign assets (for example, banners) and uses write_text to save them into the new "campaigns" bucket. Each asset must be less than 8 MiB in size.

Analyze financial data

A sample use case for the Cloud Storage MCP server is to help portfolio managers gain insights from financial reports and audio recordings of trader calls with clients. The Cloud Storage MCP server helps the agent to identify and download relevant documents and pass them to an LLM for analysis.

Sample prompt:

"What were the key takeaways from ExampleCorp's most recent earnings call, and how does that compare to the sentiment in their last three financial reports?"

Workflow: The workflow for analyzing financial documents might look like the following:

• Identify documents: The agent extracts keywords from the user's question to identify relevant buckets or prefixes, for example, earnings-calls/ExampleCorp/ or financial-reports/ExampleCorp/ and uses list_objects to find relevant audio transcripts and financial reports.
• Download content: The agent uses read_text or read_object to download the content of the identified files, up to 8 MiB per file.
• Analyze and respond: The agent passes the content to an LLM to summarize findings, compare sentiment, and synthesize an answer to the user's question. If needed, other tools like BigQuery can be used for deeper analysis.

Assess vendor risk

A sample use case for the Cloud Storage MCP server is to help automate the initial vendor risk assessment process for a bank's risk management team. The Cloud Storage MCP server lets the AI agent fetch and analyze documents that vendors submit to identify potential risks by using natural language.

Sample prompt:

"Assess vendor "Example Inc." by reviewing their latest security questionnaire and compliance certificate in the vendor-docs bucket. Summarize any potential risks based on our policies and save the report."

Workflow: The workflow for assessing vendor risk might look like the following:

• Find documents: The agent uses the list_objects tool to find the vendor's folder in a Cloud Storage bucket dedicated to vendor documents.
• Download documents: The agent uses read_object to download all relevant documents, such as security questionnaires, compliance certificates, and financial statements, up to 8 MiB per file.
• Analyze documents: The agent analyzes the content of these documents, possibly using other tools to extract text, to look for red flags or missing information based on the bank's risk policies.
• Compile and save report: The agent compiles a summary report of its findings and uses write_text to save it to the vendor's folder in Cloud Storage for the risk assessor to review.

Optional security and safety configurations

MCP introduces new security risks and considerations due to the wide variety of actions that you can do with the MCP tools. To minimize and manage these risks, Google Cloud offers default settings and customizable policies to control the use of MCP tools in your Google Cloud organization or project.

For more information about MCP security and governance, see AI security and safety.

Use Model Armor

Model Armor is a Google Cloud service that's designed to enhance the security and safety of your AI applications. It works by proactively screening LLM prompts and responses, helping protect against various risks and supporting responsible AI practices. Whether you deploy AI in your cloud environment, or on external cloud providers, Model Armor can help you prevent malicious input, verify content safety, help protect sensitive data, support compliance, and enforce your AI safety and security policies consistently across your diverse AI landscape.

Model Armor is only available in specific regional locations. If Model Armor is enabled for a project, and a call to that project comes from an unsupported region, Model Armor isn't called and the call is sent without scanning by Model Armor. For more information, see Model Armor locations.

Enable Model Armor

You must enable Model Armor APIs before you can use Model Armor.

Configure protection for Google and Google Cloud remote MCP servers

To help protect your MCP tool calls and responses you can use Model Armor floor settings. A floor setting defines the minimum security filters that apply across the project. This configuration applies a consistent set of filters to all MCP tool calls and responses within the project.

Set up a Model Armor floor setting with MCP sanitization enabled. For more information, see Configure Model Armor floor settings.

See the following example command:

gcloud model-armor floorsettings update \
--full-uri='projects/PROJECT_ID/locations/global/floorSetting' \
--enable-floor-setting-enforcement=TRUE \
--add-integrated-services=GOOGLE_MCP_SERVER \
--google-mcp-server-enforcement-type=INSPECT_AND_BLOCK \
--enable-google-mcp-server-cloud-logging \
--malicious-uri-filter-settings-enforcement=ENABLED \
--add-rai-settings-filters='[{"confidenceLevel": "MEDIUM_AND_ABOVE", "filterType": "DANGEROUS"}]'

Replace PROJECT_ID with your Google Cloud project ID.

Note the following settings:

• INSPECT_AND_BLOCK: The enforcement type that inspects content for the Google MCP server and blocks prompts and responses that match the filters.
• ENABLED: The setting that enables a filter or enforcement.
• MEDIUM_AND_ABOVE: The confidence level for the Responsible AI - Dangerous filter settings. You can modify this setting, though lower values might result in more false positives. For more information, see Model Armor confidence levels.

Disable scanning MCP traffic with Model Armor

If you want to stop scanning Google MCP traffic with Model Armor, run the following command:

gcloud model-armor floorsettings update \
  --full-uri='projects/PROJECT_ID/locations/global/floorSetting' \
  --remove-integrated-services=GOOGLE_MCP_SERVER

Replace PROJECT_ID with the Google Cloud project ID.

Model Armor won't scan MCP traffic in the project.

Control MCP use with IAM deny policies

Identity and Access Management (IAM) deny policies help you secure Google Cloud remote MCP servers. Configure these policies to block unwanted MCP tool access.

For example, you can deny or allow access based on:

• The principal
• Tool properties like read-only
• The application's OAuth client ID

For more information, see Control MCP use with Identity and Access Management.

What's next

• Read the Cloud Storage MCP reference documentation.
• Learn more about Google Cloud MCP servers.