GCP BigQuery MCP Server
Enables querying and managing Google Cloud BigQuery datasets, tables, and schemas with Workload Identity Federation authentication, including executing SQL queries, listing datasets and tables, and retrieving table schema information.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type @ followed by the MCP server name and your instructions, e.g., "@GCP BigQuery MCP Server show me the schema for the sales_data table in the analytics dataset"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
GCP BigQuery MCP Server
Enterprise-grade MCP (Model Context Protocol) server for Google Cloud Platform BigQuery with Workload Identity Federation authentication. Provides secure, keyless access to BigQuery through the Model Context Protocol.
Key Features
Zero Service Account Keys - 100% Workload Identity Federation
Google Workspace Integration - OIDC user authentication
MCP Protocol Compliant - Follows official MCP SDK best practices (2025-11-25 spec)
Gemini Enterprise Ready - OAuth 2.0 discovery (RFC 8414/9728), strict Streamable HTTP transport
Resource Templates - RFC 6570 URI templates for dataset/table/schema/sample/job/INFORMATION_SCHEMA
Cost Elicitation Gate - Per-query dry-run guardrail that surfaces high-cost confirmations to clients
Multi-tenant - YAML allowlist + IAM Conditions on BigQuery datasets
Security Middleware - Rate limiting, prompt injection detection, data redaction
Model Armor Pre-flight - Optional content-safety screening before tool execution
Private Service Connect - Optional private ingress for enterprise consumers
Customer-Managed Encryption - CMEK for BigQuery datasets
Comprehensive Audit Logging - 2555-day (7-year) retention via Cloud Logging log bucket with linked BigQuery dataset for compliance
Terraform Infrastructure - Complete IaC for reproducible deployments
Cloud Run Deployment - Serverless, auto-scaling architecture
OpenTelemetry - Distributed tracing and per-tenant metrics
Project Structure
db-mcp/
├── src/ # TypeScript source code
│ ├── auth/ # WIF authentication modules
│ ├── bigquery/ # BigQuery client, discovery, optimization
│ ├── mcp/ # MCP protocol handlers and tools
│ ├── security/ # Security middleware
│ ├── monitoring/ # Health checks and monitoring
│ ├── telemetry/ # OpenTelemetry instrumentation
│ ├── config/ # Configuration management
│ └── utils/ # Logging utilities
├── tests/ # Unit, integration, and performance tests
├── terraform/ # Infrastructure as Code
│ └── modules/ # Reusable Terraform modules
├── docs/ # Comprehensive documentation
├── scripts/ # Deployment and utility scripts
├── examples/ # Usage examples
├── .github/workflows/ # CI/CD automation
└── Dockerfile # Production container image
Security Architecture
Traditional Approach (Avoided)
Service account keys stored in files/secrets
Permanent credentials that never expire
Manual key rotation required
High risk of credential leakage
Workload Identity Federation (Implemented)
No keys anywhere in the system
1-hour token lifetime with automatic rotation
Attribute-based access for fine-grained control
Complete audit trail for all access
90% reduction in attack surface
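The keyless chain just listed, as an added TypeScript example (the project's language) that is not code from the db-mcp project: it builds the two requests the flow consists of, the STS token exchange and the service-account impersonation, validates the STS response against the one-hour ceiling, and runs against a constructed stand-in transport so it works offline. The endpoint URLs and JSON field names are those of the public STS and IAM Credentials REST APIs; the project number, pool, provider and service-account names are placeholders.

```typescript
// Added example, not code from the db-mcp project: the keyless credential
// flow as the two HTTP exchanges it consists of. Endpoint URLs and JSON
// field names are those of the public STS and IAM Credentials REST APIs;
// the pool, provider and service-account names are placeholders.

const STS_TOKEN_URL = "https://sts.googleapis.com/v1/token";
const IAM_CREDENTIALS_URL = "https://iamcredentials.googleapis.com/v1";
const MAX_LIFETIME_SECONDS = 3600; // WIF-issued tokens live at most one hour

export interface HttpRequest {
  url: string;
  headers: Record<string, string>;
  body: Record<string, unknown>;
}
// The transport is injected so the flow can be exercised without network access.
export type PostFn = (req: HttpRequest) => Promise<Record<string, unknown>>;

export interface WifOptions {
  projectNumber: string;
  poolId: string;
  providerId: string;
  oidcToken: string; // the workload's OIDC token, obtained from the platform
}

// Step 1: exchange the OIDC token for a federated access token. The audience
// pins the exchange to one pool and provider; STS checks the OIDC token's
// signature, issuer and claims against that provider (and the pool's
// attribute conditions) before issuing anything.
export function buildStsExchange(opts: WifOptions): HttpRequest {
  const audience =
    `//iam.googleapis.com/projects/${opts.projectNumber}/locations/global/` +
    `workloadIdentityPools/${opts.poolId}/providers/${opts.providerId}`;
  return {
    url: STS_TOKEN_URL,
    headers: { "Content-Type": "application/json" },
    body: {
      grantType: "urn:ietf:params:oauth:grant-type:token-exchange",
      audience,
      scope: "https://www.googleapis.com/auth/cloud-platform",
      requestedTokenType: "urn:ietf:params:oauth:token-type:access_token",
      subjectTokenType: "urn:ietf:params:oauth:token-type:jwt",
      subjectToken: opts.oidcToken,
    },
  };
}

// Validate the STS response before using it: bearer type, positive lifetime,
// and never longer than the one-hour ceiling the deployment expects.
export function parseStsResponse(resp: Record<string, unknown>): { token: string; expiresIn: number } {
  const token = resp["access_token"];
  const expiresIn = resp["expires_in"];
  if (typeof token !== "string" || token.length === 0) throw new Error("STS: missing access_token");
  if (resp["token_type"] !== "Bearer") throw new Error("STS: unexpected token_type");
  if (typeof expiresIn !== "number" || expiresIn <= 0 || expiresIn > MAX_LIFETIME_SECONDS) {
    throw new Error("STS: expires_in outside the accepted 1..3600s range");
  }
  return { token, expiresIn };
}

// Step 2: impersonate the BigQuery service account. The federated token only
// carries the right to impersonate; the access token returned here is what
// reaches BigQuery, scoped down to the BigQuery API and short-lived.
export function buildImpersonation(
  federatedToken: string,
  serviceAccountEmail: string,
  lifetimeSeconds: number = MAX_LIFETIME_SECONDS,
): HttpRequest {
  if (!Number.isInteger(lifetimeSeconds) || lifetimeSeconds <= 0 || lifetimeSeconds > MAX_LIFETIME_SECONDS) {
    throw new Error("lifetime must be an integer between 1 and 3600 seconds");
  }
  return {
    url: `${IAM_CREDENTIALS_URL}/projects/-/serviceAccounts/${serviceAccountEmail}:generateAccessToken`,
    headers: { Authorization: `Bearer ${federatedToken}`, "Content-Type": "application/json" },
    body: { scope: ["https://www.googleapis.com/auth/bigquery"], lifetime: `${lifetimeSeconds}s` },
  };
}

// The whole flow; no credential in it is ever written to disk.
export async function obtainBigQueryToken(
  post: PostFn,
  opts: WifOptions & { serviceAccountEmail: string },
): Promise<{ accessToken: string; expireTime: string }> {
  const federated = parseStsResponse(await post(buildStsExchange(opts)));
  const resp = await post(buildImpersonation(federated.token, opts.serviceAccountEmail));
  const accessToken = resp["accessToken"];
  const expireTime = resp["expireTime"];
  if (typeof accessToken !== "string" || typeof expireTime !== "string") {
    throw new Error("generateAccessToken: malformed response");
  }
  return { accessToken, expireTime };
}

// Constructed stand-in for both endpoints so the example runs offline.
export const fakePost: PostFn = async (req) => {
  if (req.url === STS_TOKEN_URL) {
    return { access_token: "fed-token-constructed", token_type: "Bearer", expires_in: 3599 };
  }
  if (req.url.endsWith(":generateAccessToken") && req.headers["Authorization"] === "Bearer fed-token-constructed") {
    return { accessToken: "sa-token-constructed", expireTime: "2026-01-01T00:00:00Z" };
  }
  throw new Error(`unexpected request to ${req.url}`);
};

void obtainBigQueryToken(fakePost, {
  projectNumber: "123456789012", poolId: "mcp-pool", providerId: "oidc-provider",
  oidcToken: "header.payload.signature", serviceAccountEmail: "bq-reader@example-project.iam.gserviceaccount.com",
}).then((t) => console.log("impersonated token expires at", t.expireTime));
```

In a real deployment the OIDC token comes from the platform (Cloud Run's metadata server, or the CI runner's identity endpoint), `post` wraps an HTTP client, and the returned access token is cached in memory until shortly before `expireTime` and then re-obtained, which is what "automatic rotation" means in practice.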
Quick Start
Prerequisites
GCP Project with billing enabled
Terraform >= 1.5.0
Node.js >= 22.0.0
Docker (for containerization)
Installation
# Clone and install dependencies
npm install
# Copy environment configuration
cp .env.example .env
# Build the project
npm run build
Local Development
# Development mode with hot reload
npm run dev
# Run tests
npm test
# Type checking
npm run typecheck
Production Deployment
All production infrastructure — including the Cloud Run service — is managed by Terraform. Container images are stored
in Artifact Registry (europe-west2-docker.pkg.dev). Direct gcloud run deploy commands are not used in production.
# Build and push container image to Artifact Registry
docker build -t europe-west2-docker.pkg.dev/YOUR_PROJECT/db-mcp/mcp-bigquery-server:latest .
docker push europe-west2-docker.pkg.dev/YOUR_PROJECT/db-mcp/mcp-bigquery-server:latest
# Deploy infrastructure with Terraform (provisions Cloud Run + all supporting resources)
cd terraform
terraform init
terraform apply
MCP Tools
The server provides these MCP tools:
Tool | Description
 | Execute SQL queries on BigQuery datasets
 | List all available BigQuery datasets
 | List tables in a specific dataset
 | Get schema information for a table
Server Capabilities:
Resources: BigQuery datasets listing
Tools: Query execution and schema inspection
Stderr Logging: All logs to stderr (JSON-RPC compatible)
Graceful Shutdown: SIGTERM/SIGINT handling
Architecture
Client Request
↓
MCP Protocol Layer (JSON-RPC)
↓
Security Middleware (rate limiting, injection detection)
↓
Workload Identity Federation
↓ (OIDC Token)
Identity Pool
↓ (Attribute Mapping)
Service Account Impersonation
↓ (1-hour access token)
BigQuery API
Core Components
Workload Identity Federation - Identity pools for dev/staging/prod with OIDC providers
Security Middleware - Rate limiting, prompt injection detection, SQL injection prevention
BigQuery Integration - Connection pooling, query optimization, dataset discovery
Monitoring - Health checks, OpenTelemetry tracing, Cloud Monitoring integration
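The middleware path described above (rate limiting, injection detection, tenant allowlist, cost gate), as an added TypeScript example that is not the db-mcp project's own code. It chains a per-tenant token bucket, a fail-closed read-only statement check, a dataset allowlist check, and a dry-run byte threshold that becomes a confirmation request rather than a silent run. The allowlist object (standing in for the README's YAML), the byte threshold and the dry-run function are constructed for the example.

```typescript
// Added example, not the db-mcp project's own middleware: the per-request
// guard chain run over constructed inputs. The tenant allowlist, the byte
// threshold and the dry-run function are assumptions made for the example.

export interface ToolRequest { tenantId: string; sql: string; }
export type Decision =
  | { action: "run" }
  | { action: "confirm"; reason: string; estimatedBytes: number }
  | { action: "reject"; reason: string };

// Token bucket per tenant, so one noisy tenant cannot starve the others.
export class TenantRateLimiter {
  private buckets = new Map<string, { tokens: number; lastMs: number }>();
  constructor(private capacity: number, private refillPerSec: number) {}
  allow(tenantId: string, nowMs: number): boolean {
    const b = this.buckets.get(tenantId) ?? { tokens: this.capacity, lastMs: nowMs };
    const elapsedSec = Math.max(0, nowMs - b.lastMs) / 1000;
    b.tokens = Math.min(this.capacity, b.tokens + elapsedSec * this.refillPerSec);
    b.lastMs = nowMs;
    const ok = b.tokens >= 1;
    if (ok) b.tokens -= 1;
    this.buckets.set(tenantId, b);
    return ok;
  }
}

// Read-only gate: one statement, starting with SELECT or WITH, with no
// DML/DDL keyword. Comments are stripped first so a keyword hidden behind
// "--" or "/* */" is still seen. Defence in depth only: the real boundary is
// the impersonated service account holding read-only roles.
const WRITE_KEYWORDS =
  /\b(INSERT|UPDATE|DELETE|MERGE|CREATE|ALTER|DROP|TRUNCATE|GRANT|REVOKE|EXPORT|LOAD|CALL|EXECUTE)\b/i;
export function readOnlyViolation(sql: string): string | null {
  const stripped = sql.replace(/--[^\n]*|#[^\n]*|\/\*[\s\S]*?\*\//g, " ").trim().replace(/;\s*$/, "");
  if (stripped.includes(";")) return "multiple statements are not allowed";
  if (!/^(SELECT|WITH)\b/i.test(stripped)) return "only SELECT statements are allowed";
  const hit = WRITE_KEYWORDS.exec(stripped);
  return hit ? `forbidden keyword ${hit[1].toUpperCase()}` : null;
}

// Datasets a statement touches, from FROM/JOIN references written as
// `project.dataset.table` or `dataset.table` (backticks optional).
export function referencedDatasets(sql: string): string[] {
  const out = new Set<string>();
  const re = /\b(?:FROM|JOIN)\s+`?([\w-]+(?:\.[\w-]+){1,2})`?/gi;
  let m: RegExpExecArray | null;
  while ((m = re.exec(sql)) !== null) {
    const parts = m[1].split(".");
    out.add(parts.length === 3 ? parts[1] : parts[0]);
  }
  return Array.from(out);
}

export interface GuardDeps {
  limiter: TenantRateLimiter;
  allowlist: Record<string, string[]>;  // tenant -> datasets it may read
  dryRunBytes: (sql: string) => number; // bytes the dry run reports for the query
  confirmAboveBytes: number;            // cost gate threshold
  nowMs: number;
}

// Every stage fails closed; only a query that clears all of them runs unprompted.
export function guard(req: ToolRequest, deps: GuardDeps): Decision {
  if (!deps.limiter.allow(req.tenantId, deps.nowMs)) return { action: "reject", reason: "rate limit exceeded" };
  const violation = readOnlyViolation(req.sql);
  if (violation) return { action: "reject", reason: violation };
  const datasets = referencedDatasets(req.sql);
  if (datasets.length === 0) return { action: "reject", reason: "no table reference found" };
  const allowed = deps.allowlist[req.tenantId] ?? [];
  const denied = datasets.filter((d) => !allowed.includes(d));
  if (denied.length > 0) return { action: "reject", reason: `dataset not allowlisted for tenant: ${denied.join(", ")}` };
  const estimatedBytes = deps.dryRunBytes(req.sql);
  if (estimatedBytes > deps.confirmAboveBytes) {
    return { action: "confirm", reason: `query would scan ${estimatedBytes} bytes`, estimatedBytes };
  }
  return { action: "run" };
}

// Constructed deployment: 2 requests per tenant with no refill (easy to
// exhaust), one tenant allowed one dataset, and a fake dry run that reports
// 2 TB for anything touching events_raw and 5 GB otherwise.
export function exampleDeps(nowMs: number = 0): GuardDeps {
  return {
    limiter: new TenantRateLimiter(2, 0),
    allowlist: { "tenant-a": ["analytics"] },
    dryRunBytes: (sql) => (/\bevents_raw\b/.test(sql) ? 2_000_000_000_000 : 5_000_000_000),
    confirmAboveBytes: 100_000_000_000,
    nowMs,
  };
}

const deps = exampleDeps();
console.log(guard({ tenantId: "tenant-a", sql: "SELECT region, SUM(amount) FROM `analytics.sales` GROUP BY region" }, deps));
console.log(guard({ tenantId: "tenant-a", sql: "SELECT * FROM analytics.events_raw" }, deps));
```

The keyword filter is defence in depth, not the access boundary: a query that passes it can still only do what the impersonated service account's roles and the dataset-level IAM Conditions permit. The dry-run threshold is what feeds the elicitation gate; in a real deployment it is tuned per tenant from observed query sizes rather than fixed as here.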
Documentation
Document | Description
 | Complete guide for local dev, testing, and production
 | Runbook for registering as a Gemini Enterprise custom MCP connector
 | MCP 2025-11-25 spec compliance matrix and gap implementations
 | System design and component documentation
 | Security middleware and best practices
 | Workload Identity Federation details
 | Full production deployment guide
 | Container configuration
 | Observability setup
 | Complete documentation map
Testing
# Run all tests
npm test
# Run specific test suites
npm run test:unit
npm run test:integration
npm run test:performance
# Run with coverage
npm run test:coverage
# Watch mode
npm run test:watch
Development Commands
npm run build # Build TypeScript
npm run dev # Development with hot reload
npm run start # Start production server
npm run lint # Run ESLint
npm run lint:fix # Fix linting issues
npm run format # Format with Prettier
npm run typecheck # TypeScript type checking
CI/CD
GitHub Actions workflow automatically:
Runs tests on pull requests
Builds and pushes Docker image
Deploys to Cloud Run on main branch
Uses Workload Identity Federation (no keys)
Monitoring
Cloud Monitoring: Pre-configured dashboards with a tenant_id dimension on mcp.tool.calls.total and mcp.tool.call.duration
Cloud Logging: Structured JSON logs
Cloud Trace: Distributed tracing via OpenTelemetry with a tenant.id span attribute
Audit Logs: 2555-day retention in a Cloud Logging log bucket, linked to BigQuery for long-term analysis
Alerts: Email/Slack notifications
Compliance
GDPR: Data residency and access logging
HIPAA: Access controls and audit trails
SOC 2: Identity management and monitoring
PCI-DSS: Authentication and authorization
Contributing
Contributions welcome! See CONTRIBUTING.md for guidelines.
License
MIT License - see LICENSE for details
Acknowledgments
Built with MCP SDK
Powered by Google Cloud BigQuery
Infrastructure by Terraform
Status: Production Ready
Version: 1.0.0
Last Updated: April 2026
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/erayguner/db-mcp'