gcloud firestore databases clone (original) (raw)

NAME

gcloud firestore databases clone - clone a Google Cloud Firestore database from another

SYNOPSIS

gcloud firestore databases clone [--destination-database](#--destination-database)=DESTINATION_DATABASE [--snapshot-time](#--snapshot-time)=SNAPSHOT_TIME [--source-database](#--source-database)=SOURCE_DATABASE [[--tags](#--tags)=[KEY=VALUE,…]] [[--encryption-type](#--encryption-type)=ENCRYPTION_TYPE : [--kms-key-name](#--kms-key-name)=KMS_KEY_NAME] [[GCLOUD_WIDE_FLAG](#GCLOUD-WIDE-FLAGS) …]

EXAMPLES

To clone a database from another:

gcloud firestore databases clone --source-database=projects/PROJECT_ID/databases/SOURCE_DATABASE --snapshot-time=2025-05-26T10:20:00.00Z --destination-database=DATABASE_ID

To clone to a CMEK-enabled database:

gcloud firestore databases clone --source-database=projects/PROJECT_ID/databases/SOURCE_DATABASE --snapshot-time=2025-05-26T10:20:00.00Z --destination-database=DATABASE_ID --encryption-type=customer-managed-encryption --kms-key-name=projects/PROJECT_ID/locations/LOCATION_ID/keyRings/KEY_RING_ID/cryptoKeys/CRYPTO_KEY_ID

REQUIRED FLAGS

--destination-database=DESTINATION_DATABASE

Destination database to clone to. Destination database will be created in the same location as the source database.

This value should be 4-63 characters. Valid characters are /[a-z][0-9]-/ with first character a letter and the last a letter or a number. Must not be UUID-like /[0-9a-f]8(-[0-9a-f]4)3-[0-9a-f]12/.

Using "(default)" database ID is also allowed.

For example, to clone to database testdb:

gcloud firestore databases clone --destination-database=testdb

--snapshot-time=SNAPSHOT_TIME

Snapshot time at which to clone. This must be a whole minute, in the past, and not earlier than the source database's earliest_version_time. Additionally, if older than one hour in the past, PITR must be enabled on the source database.

For example, to restore from snapshot 2025-05-26T10:20:00.00Z of source database source-db:

gcloud firestore databases clone --source-database=projects/PROJECT_ID/databases/source-db --snapshot-time=2025-05-26T10:20:00.00Z

--source-database=SOURCE_DATABASE

The source database to clone from.

For example, to clone from database source-db:

gcloud firestore databases clone --source-database=projects/PROJECT_ID/databases/source-db

OPTIONAL FLAGS

--tags=[KEY=VALUE,…]

Tags to attach to the destination database. Example: --tags=key1=value1,key2=value2

For example, to attach tags to a database:

$ --tags=key1=value1,key2=value2

The encryption configuration of the new database being created from the database. If not specified, the same encryption settings as the database will be used.

To create a CMEK-enabled database:

gcloud firestore databases clone --encryption-type=customer-managed-encryption --kms-key-name=projects/PROJECT_ID/locations/LOCATION_ID/keyRings/KEY_RING_ID/cryptoKeys/CRYPTO_KEY_ID

To create a Google-default-encrypted database:

gcloud firestore databases clone --encryption-type=google-default-encryption

To create a database using the same encryption settings as the database:

gcloud firestore databases clone --encryption-type=use-source-encryption

--encryption-type=ENCRYPTION_TYPE

The encryption type of the destination database.ENCRYPTION_TYPE must be one of:use-source-encryption, customer-managed-encryption,google-default-encryption.

This flag argument must be specified if any of the other arguments in this group are specified.

--kms-key-name=KMS_KEY_NAME

The resource ID of a Cloud KMS key. If set, the database created will be a Customer-Managed Encryption Key (CMEK) database encrypted with this key. This feature is allowlist only in initial launch.

Only a key in the same location as this database is allowed to be used for encryption. For Firestore's nam5 multi-region, this corresponds to Cloud KMS location us. For Firestore's eur3 multi-region, this corresponds to Cloud KMS location europe. See https://cloud.google.com/kms/docs/locations.

This value should be the KMS key resource ID in the format ofprojects/{project_id}/locations/{kms_location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}. How to retrieve this resource ID is listed at https://cloud.google.com/kms/docs/getting-resource-ids#getting_the_id_for_a_key_and_version. This flag must only be specified when encryption-type iscustomer-managed-encryption.

GCLOUD WIDE FLAGS

These flags are available to all commands: [--access-token-file](/sdk/gcloud/reference#--access-token-file),[--account](/sdk/gcloud/reference#--account), [--billing-project](/sdk/gcloud/reference#--billing-project),[--configuration](/sdk/gcloud/reference#--configuration),[--flags-file](/sdk/gcloud/reference#--flags-file),[--flatten](/sdk/gcloud/reference#--flatten), [--format](/sdk/gcloud/reference#--format), [--help](/sdk/gcloud/reference#--help), [--impersonate-service-account](/sdk/gcloud/reference#--impersonate-service-account),[--log-http](/sdk/gcloud/reference#--log-http),[--project](/sdk/gcloud/reference#--project), [--quiet](/sdk/gcloud/reference#--quiet), [--trace-token](/sdk/gcloud/reference#--trace-token), [--user-output-enabled](/sdk/gcloud/reference#--user-output-enabled),[--verbosity](/sdk/gcloud/reference#--verbosity).

Run $ [gcloud help](/sdk/gcloud/reference) for details.

NOTES

These variants are also available:

gcloud alpha firestore databases clone

gcloud beta firestore databases clone