Cyberduck Mountain Duck CLI

Version 70 (modified by jmalek, on Dec 27, 2018 at 11:32:48 AM) (diff)


Cyberduck Help / Howto / Google Cloud Storage

Google Cloud Storage is a S3 compatible service with pricing based on usage. Google Cloud Storage is interoperable with S3.

Connecting to Google Cloud Storage

Interoperable Access

For interoperable access please use a S3-compatible protocol (like Amazon S3, not Google Storage) with server set to

You need to obtain the login credentials (Access Key and Secret) from the Google Cloud Platform settings for "Storage". Please navigate to the storage settings. Open the "Interoperability"-tab and enable "Interoperable Access". After enabling you may now create a new key. For more information refer to the Google Storage Documentation.

In the login prompt of Cyberduck you enter the Access Key for the username and Secret for the password. This allows you to connect to one project configured in your account.

OAuth 2.0 Access

You must obtain the project ID (x-goog-project-id) of your project from the Google Cloud Platform under Storage Access from the Google Cloud Storage tab. Direct link to Google Cloud Storage settings

In the login prompt of Cyberduck you enter the x-goog-project-id for the username and enter the Authorization Code retrieved from the website where you grant Cyberduck acccess to your account.

You access the page with the authorization code from the link displayed in the login prompt. Click it to open it in a web browser window. You only need to get the authorization code from the website on the first login attempt. Subsequent OAuth authentications will use a refresh token retrieved from service.

Creating a bucket

When connecting the first time, you must first create a new bucket with File → New Folder... (⌘-N). You can choose the bucket location in Preferences (⌘-,) → S3 The following locations are supported:

  • US
  • EU - Europe

Bucket Access Logging

When this option is enabled in the Google Cloud Storage panel of the Info (File → Info (⌘-I)) window for a bucket or any file within, available log records for this bucket are periodically aggregated into log files and delivered to root in the target logging bucket specified. It is considered best practice to choose a logging target that is different from the origin bucket.


After logging is configured, you can access statistics from your access logs using a service such as Qloudstat.


Creating a folder inside a bucket will create a placeholder object named after the directory, has no data content and the mimetype application/x-directory. Directory placeholder objects created in Google Storage Manager are not supported.



You can edit standard HTTP headers add custom HTTP headers to files to store metadata. Choose File → Info → Google Storage to edit headers.


Default ACLs

  • Buckets. New buckets created have a default pre-defined canned ACL set to public-read. You get FULL_CONTROL. All other users have READ access.

Granting access to selected users

You can give access to a specific user to a document by granting READ access to the email address registered with Google. The Authenticated URL from the ACL tab in the Info window with the format<container>/<file> will verify access to the resource using the Google Account login credentials.

The link will redirect to the file only after the user has successfully logged in to their Google Account and is listed in the ACL you have just edited.

Granting access to Google Apps domain

Google Apps customers can associate their email accounts with an Internet domain name. When you do this, each email account takes the form You can specify a scope by using any Internet domain name that is associated with a Google Apps account.

Granting access to members of Google Group

Every Google group has a unique email address that is associated with the group. For example, the Google Storage for Developers group has the following email address: You can find the email address that is associated with a Google group by clicking About this group, which appears on the homepage of every Google group.


The following permissions can be given to grantees:

READ Allows grantee to list the files in the bucket Allows grantee to download the file and its metadata
WRITE Allows grantee to create, overwrite, and delete any file in the bucket Not applicable
FULL_CONTROL Allows grantee all permissions on the bucket Allows grantee all permissions on the object

Website Configuration

To host a static website on Google Cloud Storage, It is possible to define a bucket as a Website Endpoint. The configuration in File → Info (⌘-I) → Distribution allows you to enable website configuration. Choose Website Configuration (HTTP) from Delivery Method and define an index document name that is searched for and returned when requests are made to the root or the subfolder in your bucket.

Website Configuration parameters will only affect requests directed to CNAME aliases of a bucket.

Index File

Simulates directory index behavior at both bucket and "directory" level. The file specified is served for requests to the website endpoint as the main page for the bucket and for requests to "directories" contained by the bucket.


  • No content distribution (CDN) configuration.
  • Torrent URLs are not supported.
  • Signed URLs are not supported.