playbooks

home / skills / bankkroll / skills-builder / google-cloud

google-cloud skill

/skills/google-cloud

This skill helps you navigate Google Cloud documentation for AI, authentication, security, and Terraform workflows to accelerate implementation.

npx playbooks add skill bankkroll/skills-builder --skill google-cloud

Review the files below or copy the command above to add this skill to your agents.

Files (72)
SKILL.md
20.2 KB
---
name: "google-cloud"
description: "Scraped from https://cloud.google.com/docs/ Source: https://cloud.google.com/docs. Use when questions involve: ai ml, authentication, buildpacks, enterprise, generative ai, security, terraform."
---

# Google Cloud

> Official documentation: https://cloud.google.com/docs

## Overview

This skill provides comprehensive documentation for google cloud.

**Total references:** 71 files (~444,000 tokens)

**Topics covered:**
BeyondProd benefits, Migrate state to Cloud Storage bucket, When to use traditional AI, Security tests, New columns and filters in the Cost table report, View dimensions, Procfile name and location, SDKs and Frameworks, Related topics, Dont include API keys in client code or commit them to code repositories, Recovering from vulnerabilities in root-of-trust firmware, Prepare the directory...

## Reference Files

Load only the reference files relevant to the user's question:

### Ai Ml

- **[Develop a generative AI applicationStay organized with collectionsSave and categorize content based on your preferences. and more](references/ai-ml-1.md)** (~7,046 tokens)
  - Topics: Generative AI models, Choose a model, Design prompts
- **[Stay organized with collectionsSave and categorize content based on your preferences.](references/ai-ml-2.md)** (~1,123 tokens)

### Authentication

- **[Best practices for managing API keysStay organized with collectionsSave and categorize content based on your preferences. and more](references/authentication-1.md)** (~3,016 tokens)
  - Topics: Add API key restrictions to your key, Avoid using query parameters to provide your API key to Google APIs, Delete unneeded API keys to minimize exposure to attacks
- **[Manage API keysStay organized with collectionsSave and categorize content based on your preferences.](references/authentication-2.md)** (~12,195 tokens)
  - Topics: Introduction to API keys, Before you begin, Create an API key
- **[How Application Default Credentials worksStay organized with collectionsSave and categorize content based on your preferences. and more](references/authentication-3.md)** (~7,972 tokens)
  - Topics: Search order, Whats next, Use Application Default Credentials with client libraries
- **[Authenticate for using the gcloud CLIStay organized with collectionsSave and categorize content based on your preferences. and more](references/authentication-4.md)** (~6,938 tokens)
  - Topics: Local environment, Cloud Shell, Google Cloud compute resources
- **[Authenticate for using RESTStay organized with collectionsSave and categorize content based on your preferences. and more](references/authentication-5.md)** (~5,287 tokens)
  - Topics: Before you begin, Types of credentials, Set the quota project with a REST request
- **[Token typesStay organized with collectionsSave and categorize content based on your preferences.](references/authentication-6.md)** (~6,904 tokens)
  - Topics: Access tokens, Token-granting tokens, Identity tokens
- **[Tokens overviewStay organized with collectionsSave and categorize content based on your preferences. and more](references/authentication-7.md)** (~6,125 tokens)
  - Topics: User authentication, Workload authentication, Authorization servers

### Buildpacks

- **[About ProcfilesStay organized with collectionsSave and categorize content based on your preferences. and more](references/buildpacks-1.md)** (~7,397 tokens)
  - Topics: Procfile name and location, Procfile format, Local builds
- **[Search code, repositories, users, issues, pull requests... and more](references/buildpacks-2.md)** (~7,833 tokens)
  - Topics: Ubuntu 18 ESM, Support for Nodejs 18 and newer languages, Improved Security  Smaller Images
- **[Buildpacks release notesStay organized with collectionsSave and categorize content based on your preferences. and more](references/buildpacks-3.md)** (~5,358 tokens)
  - Topics: January 222026, January 132026, December 192025
- **[StacksStay organized with collectionsSave and categorize content based on your preferences.](references/buildpacks-4.md)** (~10,987 tokens)
  - Topics: Included packages
- **[Google Cloud's buildpacks support policyStay organized with collectionsSave and categorize content based on your preferences. and more](references/buildpacks-5.md)** (~1,705 tokens)
  - Topics: Support schedule, Languages  Builders, Local builds

### Enterprise

- **[Google Cloud Setup guided flowStay organized with collectionsSave and categorize content based on your preferences.](references/enterprise-1.md)** (~13,509 tokens)
  - Topics: Select a Google Cloud Setup foundation option, Establish your organization administrators and billing, Create an initial architecture
- **[Deploy your foundation using Terraform downloaded from the consoleStay organized with collectionsSave and categorize content based on your preferences. and more](references/enterprise-2.md)** (~2,141 tokens)
  - Topics: Before you begin, Deploy Terraform with Cloud Shell, Redeploy Terraform with Cloud Shell
- **[Google Cloud Setup guided flowStay organized with collectionsSave and categorize content based on your preferences.](references/enterprise-3.md)** (~13,513 tokens)
  - Topics: Select a Google Cloud Setup foundation option, Establish your organization administrators and billing, Create an initial architecture

### General

- **[Access and resource management and more](references/general-1.md)** (~5,421 tokens)
  - Topics: Recommended browsers and screen readers, Use accessibility resources in the console, Enable accessibility features for the Google Cloud CLI
- **[Authentication methods at GoogleStay organized with collectionsSave and categorize content based on your preferences. and more](references/general-2.md)** (~3,003 tokens)
  - Topics: Introduction, How to get help with authentication, Choose the right authentication method for your use case
- **[Google Cloud's approach to changeStay organized with collectionsSave and categorize content based on your preferences. and more](references/general-3.md)** (~7,385 tokens)
  - Topics: The life of a change at Google Cloud, Safe by design, Safe as developed
- **[Attribution of committed use discount fees and creditsStay organized with collectionsSave and categorize content based on your preferences. and more](references/general-4.md)** (~5,765 tokens)
  - Topics: Types of commitment attribution, Choose proportional attribution for spend-based commitments, Choose attribution for resource-based commitments
- **[Sample queries for the new CUDs data modelStay organized with collectionsSave and categorize content based on your preferences. and more](references/general-5.md)** (~6,081 tokens)
  - Topics: Queries for CUD KPIs, Query and analyze historical Compute flexible CUDs, Related topics
- **[Spend](references/general-6.md)** (~3,806 tokens)
  - Topics: BigQuery sample data export, Sample Queries for key CUD KPIs, Cloud Billing export to BigQuery
- **[Spend and more](references/general-7.md)** (~5,119 tokens)
  - Topics: Key concepts, Changes summary, Opt in early starting July 15 2025
- **[Get recommendations for committed use discounts (CUD)Stay organized with collectionsSave and categorize content based on your preferences. and more](references/general-8.md)** (~5,185 tokens)
  - Topics: Understand commitment recommendations, Permissions required to view and modify recommendations, View recommendations
- **[Committed use discountsStay organized with collectionsSave and categorize content based on your preferences. and more](references/general-9.md)** (~7,372 tokens)
  - Topics: Spend-based commitments, Resource-based commitments, Spend-based versus resource-based commitments
- **[Generative AI and more](references/general-10.md)** (~7,920 tokens)
  - Topics: Regions and zones, Global services, Internal services
- **[Observability and monitoring and more](references/general-11.md)** (~7,564 tokens)
  - Topics: Universesregionsand zones, Globalregionaland zonal resources, Accessing resources through services
- **[What's new in documentation](references/general-12.md)** (~2,139 tokens)

### Generative Ai

- **[Stay organized with collectionsSave and categorize content based on your preferences. and more](references/generative-ai.md)** (~5,926 tokens)
  - Topics: Sample applications, SDKs and Frameworks, Notebooks

### Get Started

- **[Set up API accessStay organized with collectionsSave and categorize content based on your preferences. and more](references/get-started-1.md)** (~1,651 tokens)
  - Topics: Before you begin, Google Cloud APIs Access services programmatically, Cloud Client Libraries Access APIs with your preferred language
- **[Compare AWS and Azure services to Google CloudStay organized with collectionsSave and categorize content based on your preferences.](references/get-started-2.md)** (~10,949 tokens)
  - Topics: Whats next
- **[Consider geographic distributionStay organized with collectionsSave and categorize content based on your preferences. and more](references/get-started-3.md)** (~5,631 tokens)
  - Topics: Distribute resources to help ensure availability, Regions and zones, Set virtual machine VM maintenance policies

### Overview

- **[Ready to get started? Take the next step and more](references/overview.md)** (~989 tokens)
  - Topics: Browse by category, Browse by category, Talk to a Google Cloud sales representative

### Quotas

- **[Cloud Quotas API overviewStay organized with collectionsSave and categorize content based on your preferences. and more](references/quotas-1.md)** (~5,696 tokens)
  - Topics: Limitations, Service endpoint, Required roles
- **[Use custom organization policiesStay organized with collectionsSave and categorize content based on your preferences. and more](references/quotas-2.md)** (~6,082 tokens)
  - Topics: About organization policies and constraints, Limitations, Before you begin
- **[View and manage quotasStay organized with collectionsSave and categorize content based on your preferences. and more](references/quotas-3.md)** (~6,788 tokens)
  - Topics: Limitations, Before you begin, View quotas in the Google Cloud console
- **[Set up quota alerts and monitoringStay organized with collectionsSave and categorize content based on your preferences. and more](references/quotas-4.md)** (~4,122 tokens)
  - Topics: Set up basic quota usage alerts, Create charts, Check quota metric support
- **[Quota adjusterStay organized with collectionsSave and categorize content based on your preferences. and more](references/quotas-5.md)** (~5,710 tokens)
  - Topics: How the quota adjuster works, Limitations, Availability
- **[Cloud Quotas client librariesStay organized with collectionsSave and categorize content based on your preferences.](references/quotas-6.md)** (~9,315 tokens)
  - Topics: Install the client library, Set up authentication, Use the client library
- **[Method: folders.locations.quotaPreferences.createStay organized with collectionsSave and categorize content based on your preferences. and more](references/quotas-7.md)** (~7,950 tokens)
  - Topics: Resource QuotaPreference, Resource QuotaInfo, Resource QuotaPreference
- **[REST Resource: organizations.locations.services.quotaInfosStay organized with collectionsSave and categorize content based on your preferences. and more](references/quotas-8.md)** (~7,364 tokens)
  - Topics: Resource QuotaInfo, Resource QuotaAdjusterSettings, Enablement
- **[Troubleshoot quota errorsStay organized with collectionsSave and categorize content based on your preferences. and more](references/quotas-9.md)** (~5,983 tokens)
  - Topics: Exceeding rate quotas, Exceeding quota values, Exceeding quota values during a service rollout

### Security

- **[BeyondProdStay organized with collectionsSave and categorize content based on your preferences.](references/security-1.md)** (~5,424 tokens)
  - Topics: Introduction, Containerized infrastructure, BeyondProd benefits
- **[Binary Authorization for BorgStay organized with collectionsSave and categorize content based on your preferences. and more](references/security-2.md)** (~6,490 tokens)
  - Topics: Introduction, BAB benefits, Our development and production process
- **[Cloud HSM architectureStay organized with collectionsSave and categorize content based on your preferences. and more](references/security-3.md)** (~7,209 tokens)
  - Topics: Overview, Cloud HSM management, Developer and user experience
- **[Confidential Space security overviewStay organized with collectionsSave and categorize content based on your preferences.](references/security-4.md)** (~5,133 tokens)
  - Topics: Components of a Confidential Space system, Examples of secure data processing, Protecting the integrity and confidentiality of a workload
- **[Revoke access to a Google Cloud projectStay organized with collectionsSave and categorize content based on your preferences. and more](references/security-5.md)** (~7,326 tokens)
  - Topics: Best practices for setting up your project, Scenarios for revoking access to Google Cloud projects, Revoke access
- **[Default encryption at restStay organized with collectionsSave and categorize content based on your preferences. and more](references/security-6.md)** (~5,629 tokens)
  - Topics: Keys in Google Cloud, How encryption at rest helps to secure data, What is customer data
- **[Application Layer Transport SecurityStay organized with collectionsSave and categorize content based on your preferences.](references/security-7.md)** (~6,836 tokens)
  - Topics: CIO-level summary, Introduction, Application-Level Security and ALTS
- **[Encryption in transit for Google CloudStay organized with collectionsSave and categorize content based on your preferences.](references/security-8.md)** (~2,871 tokens)
  - Topics: Authenticationintegrityand encryption, Encryption in transit between the end user and Google, Encryption in transit within Google networks
- **[Implement the CDMC key controls framework in a BigQuery data warehouseStay organized with collectionsSave and categorize content based on your preferences.](references/security-9.md)** (~9,274 tokens)
  - Topics: Architecture, Overview of the CDMC Key Controls Framework, 1 Data control compliance
- **[Data incident response processStay organized with collectionsSave and categorize content based on your preferences.](references/security-10.md)** (~2,900 tokens)
  - Topics: Data incident response, Team organization, Data incident response process
- **[Google infrastructure security design overviewStay organized with collectionsSave and categorize content based on your preferences.](references/security-11.md)** (~6,045 tokens)
  - Topics: Introduction, Secure low-level infrastructure, Secure service deployment
- **[Cloud Key Management Service encryptionStay organized with collectionsSave and categorize content based on your preferences.](references/security-12.md)** (~10,964 tokens)
  - Topics: Keys in Google Cloud, Cloud KMS principles, Sources and management options for cryptographic keys
- **[Google security overviewStay organized with collectionsSave and categorize content based on your preferences.](references/security-13.md)** (~6,650 tokens)
  - Topics: Introduction, Googles security and privacy-focused culture, Operational security
- **[How Google protects the physical and more](references/security-14.md)** (~5,261 tokens)
  - Topics: Physical-to-logical controls summary, Hardware hardening, Anomalous event detection
- **[How Google protects its production servicesStay organized with collectionsSave and categorize content based on your preferences.](references/security-15.md)** (~5,924 tokens)
  - Topics: Continuous improvement, Protecting production services, Protecting production machines
- **[Remote attestation of disaggregated machinesStay organized with collectionsSave and categorize content based on your preferences. and more](references/security-16.md)** (~7,874 tokens)
  - Topics: Overview, Recommended RTM properties, Remote attestation operations
- **[Cloud Build controls for generative AI use casesStay organized with collectionsSave and categorize content based on your preferences. and more](references/security-17.md)** (~7,866 tokens)
  - Topics: Required Cloud Build controls, Whats next, Required Cloud Identity controls
- **[IAM controls for generative AI use casesStay organized with collectionsSave and categorize content based on your preferences. and more](references/security-18.md)** (~5,042 tokens)
  - Topics: Required IAM controls, Recommended controls based on generative AI use case, Optional common controls
- **[Cloud Storage controls for generative AI use casesStay organized with collectionsSave and categorize content based on your preferences. and more](references/security-19.md)** (~6,852 tokens)
  - Topics: Required Cloud Storage controls, Recommended controls based on generative AI use case, Whats next
- **[Titan hardware chipStay organized with collectionsSave and categorize content based on your preferences.](references/security-20.md)** (~1,576 tokens)
  - Topics: The Titan chip family, Titan manufacturing identity, Titan integration
- **[Titanium hardware security architecture at GoogleStay organized with collectionsSave and categorize content based on your preferences.](references/security-21.md)** (~6,640 tokens)
  - Topics: Titanium hardware security architecture, Design principles of Titanium hardware security architecture, Security benefits of Titanium architectural components

### Terraform

- **[ResourcesStay organized with collectionsSave and categorize content based on your preferences. and more](references/terraform-1.md)** (~6,999 tokens)
  - Topics: Authenticate when using Terraform in a local development environment, Authenticate when running Terraform on Google Cloud, Authenticate when running Terraform on-premises or on a different cloud provider
- **[Best practices for root modulesStay organized with collectionsSave and categorize content based on your preferences. and more](references/terraform-2.md)** (~6,091 tokens)
  - Topics: Minimize the number of resources in each root module, Use separate directories for each application, Split applications into environment-specific subdirectories
- **[Terraform blueprints and modules for Google CloudStay organized with collectionsSave and categorize content based on your preferences. and more](references/terraform-3.md)** (~6,996 tokens)
  - Topics: Before you begin, Prepare the environment, Review the Terraform files
- **[Infrastructure as Code on Google CloudStay organized with collectionsSave and categorize content based on your preferences. and more](references/terraform-4.md)** (~6,506 tokens)
  - Topics: Benefits of IaC, IaC tools for Google Cloud, Whats next
- **[Create Terraform constraintsStay organized with collectionsSave and categorize content based on your preferences. and more](references/terraform-5.md)** (~7,632 tokens)
  - Topics: Before you begin, Constraint Framework, Create a constraint template
- **[Import your Google Cloud resources into Terraform stateStay organized with collectionsSave and categorize content based on your preferences. and more](references/terraform-6.md)** (~6,442 tokens)
  - Topics: Import resources one at a time, Import resources in bulk with a configuration-drivenimportblock, Import resources created after doing a bulk export
- **[Store Terraform state in a Cloud Storage bucketStay organized with collectionsSave and categorize content based on your preferences. and more](references/terraform-7.md)** (~3,867 tokens)
  - Topics: Objectives, Costs, Before you begin

## Usage Guidelines

1. **Identify relevant sections** - Match the user's question to the appropriate reference file(s)
2. **Load minimally** - Only read files directly relevant to the question to conserve context
3. **Cite sources** - Reference specific sections when answering
4. **Combine knowledge** - For complex questions, you may need multiple reference files

### When to use each reference:

- **Ai Ml**: Ai Ml-related features and documentation
- **Authentication**: Authentication-related features and documentation
- **Buildpacks**: Buildpacks-related features and documentation
- **Enterprise**: Enterprise-related features and documentation
- **General**: General documentation, overview, and getting started
- **Generative Ai**: Generative Ai-related features and documentation
- **Get Started**: Get Started-related features and documentation
- **Overview**: Overview-related features and documentation
- **Quotas**: Quotas-related features and documentation
- **Security**: Security-related features and documentation
- **Terraform**: Terraform-related features and documentation

Overview

This skill provides concise, practical guidance and reference material for working with Google Cloud across AI/ML, authentication, buildpacks, enterprise setup, generative AI, security, and Terraform. It centralizes common operational patterns, best practices, and troubleshooting steps to accelerate development, deployment, and governance on Google Cloud. Use it to find actionable next steps, configuration tips, and design tradeoffs for production systems.

How this skill works

I inspect documentation topics relevant to your question (AI/ML model selection and generative AI design, API keys and Application Default Credentials, Buildpacks and Procfile usage, enterprise foundation or Terraform deployment flows, security controls like BeyondProd and encryption, plus quotas and observability). I summarize recommended workflows, highlight configuration commands and options, and point out security and compliance considerations. When specific steps are needed I provide targeted, step-by-step guidance or configuration snippets you can apply immediately.

When to use it

  • Designing or deploying generative AI applications and picking models or SDKs
  • Setting up authentication, API keys, or Application Default Credentials for services and CLIs
  • Preparing production-ready builds with Buildpacks or configuring Procfiles
  • Provisioning enterprise foundations or deploying infrastructure with Terraform
  • Implementing security controls: BeyondProd, encryption at rest/in transit, Cloud HSM, access revocation
  • Troubleshooting quota limits, monitoring, or billing/export configurations

Best practices

  • Use Application Default Credentials for server-side code and restrict API keys with IP or referrer rules
  • Avoid embedding API keys in source; rotate and delete unused keys regularly
  • Follow BeyondProd principles for runtime enforcement and supply-chain protections (Binary Authorization, signed artifacts)
  • Use Buildpacks for reproducible images and include a Procfile for process definitions when needed
  • Deploy enterprise foundation with a reproducible Terraform flow and keep state in Cloud Storage with proper IAM
  • Monitor quotas and set alerts; request quota increases proactively for planned rollouts

Example use cases

  • Build a generative AI prototype using Google Cloud SDKs, choose a model based on latency and cost targets
  • Migrate application authentication to ADC and configure gcloud for CI/CD pipelines
  • Package a web app with Buildpacks, include a Procfile, and deploy to Cloud Run or GKE
  • Bootstrap an organization with Terraform templates provided in the setup flow and manage provisioning in Cloud Shell
  • Harden production services by enabling Binary Authorization, CMEK, and Cloud HSM for key protection

FAQ

When should I use API keys vs Application Default Credentials?

Use API keys for simple browser or public client scenarios with strict referrer/IP restrictions. Use ADC for server-to-server and CI/CD environments where identity and IAM controls are required.

How do I avoid quota surprises during a rollout?

Export billing and quota metrics to BigQuery or Monitoring, set alerts for quota usage, and request quota increases before high-traffic events.