Cyberduck Mountain Duck CLI

Version 59 (modified by dkocher, on Dec 3, 2011 at 9:03:46 PM) (diff)


Cyberduck Help / Howto / Google Storage

Google Cloud Storage is a S3 compatible service with pricing based on usage. Google Cloud Storage is interoperable with S3.

Connecting to Google Storage

Interoperable Access

You must obtain the login credentials (Access Key and Secret) from the Google API Console under Legacy Access from the Google Cloud Storage tab.

In the login prompt of Cyberduck you enter the Access Key for the username and Secret for the password. This allows you to connect to one project configured in your account.

OAuth 2.0 Access

You must obtain the project ID (x-goog-project-id) of your project from the Google API Console under Storage Access from the Google Cloud Storage tab.

In the login prompt of Cyberduck you enter the x-goog-project-id for the username and enter the Authorization Code retrieved from the website where you grant Cyberduck acccess to your account.

You access the page with the authorization code from the link displayed in the login prompt. Click it to open it in a web browser window. You only need to get the authorization code from the website on the first login attempt. Subsequent OAuth authentications will use a refresh token retrieved from service.

Creating a bucket

When connecting the first time, you must first create a new bucket with File → New Folder... (⌘-N). You can choose the bucket location in Preferences (⌘-,) → S3 The following locations are supported:

  • US
  • EU - Europe

Bucket Access Logging

When this option is enabled in the Google Cloud Storage panel of the Info (File → Info (⌘-I)) window for a bucket or any file within, available log records for this bucket are periodically aggregated into log files and delivered to root in the target logging bucket specified.


After logging is configured, you can access statistics from your access logs using a service such as Qloudstat.


Creating a folder inside a bucket will create a placeholder object named after the directory, has no data content and the mimetype application/x-directory. Directory placeholder objects created in Google Storage Manager are not supported.



You can edit standard HTTP headers add custom HTTP headers to files to store metadata. Choose File → Info → Google Storage to edit headers.


Default ACLs

  • Buckets. New buckets created have a default pre-defined canned ACL set to public-read. You get FULL_CONTROL. All other users have READ access.

Granting access to selected users

You can give access to a specific user to a document by granting READ access to the email address registered with Google. The Authenticated URL from the ACL tab in the Info window with the format<container>/<file> will verify access to the resource using the Google Account login credentials.

The link will redirect to the file only after the user has successfully logged in to their Google Account and is listed in the ACL you have just edited.

Granting access to Google Apps domain

Google Apps customers can associate their email accounts with an Internet domain name. When you do this, each email account takes the form You can specify a scope by using any Internet domain name that is associated with a Google Apps account.

Granting access to members of Google Group

Every Google group has a unique email address that is associated with the group. For example, the Google Storage for Developers group has the following email address: You can find the email address that is associated with a Google group by clicking About this group, which appears on the homepage of every Google group.


The following permissions can be given to grantees:

READ Allows grantee to list the files in the bucket Allows grantee to download the file and its metadata
WRITE Allows grantee to create, overwrite, and delete any file in the bucket Not applicable
FULL_CONTROL Allows grantee all permissions on the bucket Allows grantee all permissions on the object


  • No content distribution (CDN) configuration.
  • Torrent URLs are not supported.
  • Signed URLs are not supported.