Enables deployment of MCP servers to Google Cloud Run with authentication and identity token security
An example MCP server deployable to Cloud Run that is secured by authentication and requires an identity token to access.
Full Codelab tutorial available here: https://codelabs.developers.google.com/codelabs/cloud-run/how-to-deploy-a-secure-mcp-server-on-cloud-run
From the project root directory run the following command:
gcloud CLIAuthenticate the gcloud CLI using the following command:
This will trigger an OAuth 2.0 flow and will prompt you to login to your Google account. Log in to your account using your credentials then return to your terminal once completed.
Set the environment variables related to your GCP project in the set_env.sh script. From the shell terminal run the following to source its variables:
Run the following command to deploy the MCP server to Cloud Run:
Cloud Run: Invoker role to end user accountThe --no-allow-unauthenticated flag of the Cloud Run deployment command secures the MCP server by requiring an Authorization header with a valid Bearer <token> is presented to the server to allow traffic through.
Run the following command to give your user account permissions to invoke the MCP server on Cloud Run.
Save your Google Cloud credentials and project number in environment variables for use in the Gemini CLI tool.
You may need to re-run the command to export an ID_TOKEN if the token timteout expires.
To test the MCP Server and its authentication requirement, you will need an MCP Client.
To quickly test this setup, you can use the Gemini CLI. To install it you can run the following command from your shell:
This will install the latest Gemini CLI and requires having node package manager (npm) installed.
Gemini CLI settings.json fileTo tell the Gemini CLI to use your Cloud Run MCP Server with required Authentication parameters:
Open your Gemini CLI settings file:
Add the zoo-remote server to the list of mcpServers available. Replace the PROJECT_NUMBER and GOOGLE_CLOUD_LOCATION with the settings for your project (if this is your first one, you can copy the settings below).
To retrieve a new token and update your settings file you can run the script update_token.sh to insert the updated token into the MCP server settings.
Start the Gemini CLI from your shell:
List MCP tools available to the Gemini CLI (MCP Client):
Ask gemini to find something in the zoo:
You may need to tell the Gemini CLI to allow execution of the MCP tool running on the remote server.
The output should indicate that an MCP server tool defined in server.py was used.
This server cannot be installed
remote-capable server
The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.
A secure MCP server example that demonstrates how to deploy to Google Cloud Run with authentication and identity token protection. Serves as a tutorial template for building production-ready MCP servers in the cloud.
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/vishal84/mcp-server-cloud-run'
If you have feedback or need assistance with the MCP directory API, please join our Discord server