terraform/website/docs/backends/types/gcs.html.md

---
layout: "backend-types"
page_title: "Backend Type: gcs"
sidebar_current: "docs-backends-types-standard-gcs"
description: |-
  Terraform can store the state remotely, making it easier to version and work with in a team.
---

# gcs

**Kind: Standard (with locking)**

Stores the state as an object in a configurable prefix and bucket on [Google Cloud Storage](https://cloud.google.com/storage/) (GCS).

## Example Configuration

```hcl
terraform {
  backend "gcs" {
    bucket  = "tf-state-prod"
    prefix  = "terraform/state"
  }
}
```

## Example Referencing

```hcl
data "terraform_remote_state" "foo" {
  backend = "gcs"
  config = {
    bucket  = "terraform-state"
    prefix  = "prod"
  }
}

resource "template_file" "bar" {
  template = "${greeting}"

  vars {
    greeting = "${data.terraform_remote_state.foo.greeting}"
  }
}
```

## Configuration variables

The following configuration options are supported:

 *  `bucket` - (Required) The name of the GCS bucket.
    This name must be globally unique.
    For more information, see [Bucket Naming Guidelines](https://cloud.google.com/storage/docs/bucketnaming.html#requirements).
 *  `credentials` / `GOOGLE_CREDENTIALS` - (Optional) Local path to Google Cloud Platform account credentials in JSON format.
    If unset, [Google Application Default Credentials](https://developers.google.com/identity/protocols/application-default-credentials) are used.
    The provided credentials need to have the `devstorage.read_write` scope and `WRITER` permissions on the bucket.
 *  `prefix` - (Optional) GCS prefix inside the bucket. Named states for workspaces are stored in an object called `<prefix>/<name>.tfstate`.
 *  `path` - (Deprecated) GCS path to the state file of the default state. For backwards compatibility only, use `prefix` instead.
 *  `project` / `GOOGLE_PROJECT` - (Optional) The project ID to which the bucket belongs. This is only used when creating a new bucket during initialization.
    Since buckets have globally unique names, the project ID is not required to access the bucket during normal operation.
 *  `region` / `GOOGLE_REGION` - (Optional) The region in which a new bucket is created.
    For more information, see [Bucket Locations](https://cloud.google.com/storage/docs/bucket-locations).
 *  `encryption_key` / `GOOGLE_ENCRYPTION_KEY` - (Optional) A 32 byte base64 encoded 'customer supplied encryption key' used to encrypt all state. For more information see [Customer Supplied Encryption Keys](https://cloud.google.com/storage/docs/encryption#customer-supplied).
website: working on backend types 2017-02-15 19:47:30 +01:00			`---`
website: document backend types 2017-02-15 21:19:38 +01:00			`layout: "backend-types"`
			`page_title: "Backend Type: gcs"`
			`sidebar_current: "docs-backends-types-standard-gcs"`
website: working on backend types 2017-02-15 19:47:30 +01:00			`description: \|-`
			`Terraform can store the state remotely, making it easier to version and work with in a team.`
			`---`

			`# gcs`

backend/remote-state/gcs: Document the "prefix" option. "state_dir" has been renamed to "prefix" to better fix the GCS terminology. 2017-09-11 08:25:42 +02:00			`Kind: Standard (with locking)`
website: working on backend types 2017-02-15 19:47:30 +01:00
backend/remote-state/gcs: Document the "prefix" option. "state_dir" has been renamed to "prefix" to better fix the GCS terminology. 2017-09-11 08:25:42 +02:00			`Stores the state as an object in a configurable prefix and bucket on [Google Cloud Storage](https://cloud.google.com/storage/) (GCS).`
website: working on backend types 2017-02-15 19:47:30 +01:00
website: document backend types 2017-02-15 21:19:38 +01:00			`## Example Configuration`
website: working on backend types 2017-02-15 19:47:30 +01:00
Add HCL syntax highlighting for everything but providers 2017-04-05 17:29:27 +02:00			```hcl
website: document backend types 2017-02-15 21:19:38 +01:00			`terraform {`
			`backend "gcs" {`
backend/remote-state/gcs: Document the "prefix" option. "state_dir" has been renamed to "prefix" to better fix the GCS terminology. 2017-09-11 08:25:42 +02:00			`bucket = "tf-state-prod"`
			`prefix = "terraform/state"`
website: document backend types 2017-02-15 21:19:38 +01:00			`}`
			`}`
website: working on backend types 2017-02-15 19:47:30 +01:00			```

			`## Example Referencing`

			```hcl
			`data "terraform_remote_state" "foo" {`
Add HCL syntax highlighting for everything but providers 2017-04-05 17:29:27 +02:00			`backend = "gcs"`
website: update terraform_remote_state syntax in backend docs 2018-10-29 17:22:21 +01:00			`config = {`
backend/remote-state/gcs: Document the "prefix" option. "state_dir" has been renamed to "prefix" to better fix the GCS terminology. 2017-09-11 08:25:42 +02:00			`bucket = "terraform-state"`
			`prefix = "prod"`
Add HCL syntax highlighting for everything but providers 2017-04-05 17:29:27 +02:00			`}`
website: working on backend types 2017-02-15 19:47:30 +01:00			`}`

			`resource "template_file" "bar" {`
			`template = "${greeting}"`

			`vars {`
			`greeting = "${data.terraform_remote_state.foo.greeting}"`
			`}`
			`}`
			```

			`## Configuration variables`

			`The following configuration options are supported:`

website/docs/backends/types/gcs.html.md: Update. * Remove the (unused) "project" option. * Mark the "credentials" option as optional; document behavior when unset. * Mark the "path" option as deprecated (was: legacy) to match Terraform's terminology. 2017-09-12 11:12:23 +02:00			* `bucket` - (Required) The name of the GCS bucket.
backend/remote-state/gcs: Improve "bucket" and "credentials" documentation. 2017-09-12 13:58:36 +02:00			`This name must be globally unique.`
			`For more information, see [Bucket Naming Guidelines](https://cloud.google.com/storage/docs/bucketnaming.html#requirements).`
website/docs/backends/types/gcs.html.md: Update. * Remove the (unused) "project" option. * Mark the "credentials" option as optional; document behavior when unset. * Mark the "path" option as deprecated (was: legacy) to match Terraform's terminology. 2017-09-12 11:12:23 +02:00			* `credentials` / `GOOGLE_CREDENTIALS` - (Optional) Local path to Google Cloud Platform account credentials in JSON format.
			`If unset, [Google Application Default Credentials](https://developers.google.com/identity/protocols/application-default-credentials) are used.`
backend/remote-state/gcs: Improve "bucket" and "credentials" documentation. 2017-09-12 13:58:36 +02:00			The provided credentials need to have the `devstorage.read_write` scope and `WRITER` permissions on the bucket.
add gcs to the backends that support workspaces Also add the term "workspaces" to the `prefix` documentation. 2017-12-14 16:08:41 +01:00			* `prefix` - (Optional) GCS prefix inside the bucket. Named states for workspaces are stored in an object called `<prefix>/<name>.tfstate`.
website/docs/backends/types/gcs.html.md: Update. * Remove the (unused) "project" option. * Mark the "credentials" option as optional; document behavior when unset. * Mark the "path" option as deprecated (was: legacy) to match Terraform's terminology. 2017-09-12 11:12:23 +02:00			* `path` - (Deprecated) GCS path to the state file of the default state. For backwards compatibility only, use `prefix` instead.
backend/remote-state/gcs: Add support for the GOOGLE_PROJECT environment variable. This copies behavior from the Google Cloud provider. 2017-09-13 15:48:36 +02:00			* `project` / `GOOGLE_PROJECT` - (Optional) The project ID to which the bucket belongs. This is only used when creating a new bucket during initialization.
backend/remote-state/gcs: Automatically create the bucket if needed. This resurrects the previously documented but unused "project" option. This option is required to create buckets (so they are associated with the right cloud project) but not to access the buckets later on (because their names are globally unique). 2017-09-12 13:57:42 +02:00			`Since buckets have globally unique names, the project ID is not required to access the bucket during normal operation.`
backend/remote-state/gcs: Implement the "region" config option. This allows to select the region in which a bucket is created. This copies behavior from the Google Cloud provider. 2017-09-13 15:52:39 +02:00			* `region` / `GOOGLE_REGION` - (Optional) The region in which a new bucket is created.
			`For more information, see [Bucket Locations](https://cloud.google.com/storage/docs/bucket-locations).`
Support 'customer supplied encryption keys' in the GCS backend https://cloud.google.com/storage/docs/encryption#customer-supplied GCS state created using customer supplied encryption keys can only be read or modified using the same key. 2017-12-18 01:59:10 +01:00			* `encryption_key` / `GOOGLE_ENCRYPTION_KEY` - (Optional) A 32 byte base64 encoded 'customer supplied encryption key' used to encrypt all state. For more information see [Customer Supplied Encryption Keys](https://cloud.google.com/storage/docs/encryption#customer-supplied).