Skip to main content

Connecting Google Cloud Storage

This guide walks you through connecting a Google Cloud Storage (GCS) destination to Pluton.

Prerequisites

Before connecting Google Cloud Storage, you need:

  1. A Google Cloud account - Sign up here
  2. A Google Cloud project with billing enabled
  3. OAuth 2.0 Client ID and Client Secret (or a Service Account)

Getting Your Credentials

Step 1: Create a Google Cloud Project

  1. Go to the Google Cloud Console
  2. Click Select a projectNew Project
  3. Enter a project name (e.g., "Pluton Backups") and click Create
  4. Note your Project Number from the project dashboard — you will need this for bucket operations

Step 2: Enable the Cloud Storage API

  1. In your project, go to APIs & ServicesLibrary
  2. Search for Cloud Storage API (or Google Cloud Storage JSON API)
  3. Click on it and then click Enable

Step 3: Create OAuth Credentials

Option A: OAuth 2.0 (Interactive Login)

  1. Go to APIs & ServicesOAuth consent screen and configure it
  2. Go to APIs & ServicesCredentials
  3. Click Create CredentialsOAuth client ID
  4. Select Desktop app as the application type
  5. Click Create and copy the Client ID and Client Secret

Option B: Service Account (Server-to-Server)

  1. Go to IAM & AdminService Accounts
  2. Click Create Service Account
  3. Give it a name and grant the Storage Admin role (or a more restrictive role)
  4. Click Done, then click on the service account
  5. Go to the Keys tab → Add KeyCreate new keyJSON
  6. Download the JSON key file — you will reference this file path in Pluton

Step 4: Generate an OAuth Token (for Option A)

If using OAuth credentials (not a Service Account):

  1. Install rclone on a machine with a web browser
  2. Run the following command: 
    rclone authorize "google cloud storage" "your_client_id" "your_client_secret"
  3. A browser window will open — log in with your Google account and grant access
  4. Copy the JSON token blob printed to the terminal

Connecting to Pluton

Pluton Google Cloud Storage

Step 1: Add Storage

  1. In Pluton, navigate to Storages
  2. Click Add Storage button
  3. Select Google Cloud Storage from the provider list

Step 2: Configure Connection

Fill in the required fields:

  • Storage Name: A friendly name (e.g., "GCS Production Backups")
  • Client ID: Your Google OAuth Client ID
  • Client Secret: Your Google OAuth Client Secret
  • Project Number: Your Google Cloud project number (needed for listing/creating/deleting buckets)
  • OAuth Access Token: Paste the JSON token blob obtained from rclone authorize

Alternatively, for Service Account authentication:

  • Service Account File: Path to the Service Account JSON key file
  • Service Account Credentials: Or paste the JSON content directly

Step 3: Advanced Options (Optional)

Additional settings available:

  • Object ACL: Access Control List for new objects:
    • Default (private), Authenticated Read, Bucket Owner Full Control, Bucket Owner Read, Private, Project Private, Public Read
  • Bucket ACL: Access Control List for new buckets:
    • Default (private), Authenticated Read, Private, Project Private, Public Read, Public Read/Write
  • Bucket Policy Only: Use bucket-level IAM policies for access checks. Enable this if your bucket has Bucket Policy Only (uniform bucket-level access) set
  • Location: Region for newly created buckets. Options include multi-regional (Asia, EU, US) and specific regions (Tokyo, London, Frankfurt, Iowa, Oregon, São Paulo, and many more)
  • Storage Class: The storage tier for objects:
    • Default — Uses the bucket's default class
    • Multi-Regional — High availability across regions
    • Regional — Single region
    • Nearline — Best for data accessed less than once a month
    • Coldline — Best for data accessed less than once a quarter
    • Archive — Lowest cost for data accessed less than once a year
    • Durable Reduced Availability — Legacy storage class
  • User Project: For requester-pays buckets, the project to bill for requests
  • Anonymous Access: Access public buckets without credentials
  • Environment Auth: Use GCP IAM credentials from the runtime environment (instance metadata or environment variables)

Step 4: Test and Save

  1. Click Test Connection to verify credentials
  2. If successful, click Save
  3. Your Google Cloud Storage is now ready for backup plans

Common Issues

Permission Denied on Bucket Operations: Ensure your project number is set correctly and your credentials have sufficient IAM roles (e.g., Storage Admin or Storage Object Admin).

Token Expired: OAuth tokens can expire. Re-run rclone authorize "google cloud storage" to generate a fresh token. Consider using a Service Account for long-running unattended operations.

Bucket Policy Only Errors: If your bucket uses uniform bucket-level access, enable the Bucket Policy Only option in Pluton.

Billing Not Enabled: Google Cloud Storage requires billing to be enabled on your project, even for free-tier usage. Verify billing is active in the Cloud Console.

Best Practices

  • Use Service Accounts instead of OAuth for production server-to-server backup operations
  • Choose the appropriate storage class based on your access patterns — Nearline or Coldline for backups that are rarely restored
  • Select a bucket location close to your Pluton server for best performance
  • Use Bucket Policy Only (uniform access) for simpler and more consistent permission management
  • Set up lifecycle rules in GCS to automatically transition or delete old objects
  • For cost optimization, use regional storage in a single region rather than multi-regional when geographic redundancy is not required