Predefined metadata keys

Linux Windows

Each metadata entry is stored on the metadata server as key-valuepairs. Metadata keys are case sensitive. Your keys can be either predefinedor custom metadata keys.

Predefined metadata keys are metadata keys that are created by Compute Engine.When you create a VM, Compute Engine automatically setsthe metadata values for some of these keys on that VM—for example, the VMinstance ID or the project ID. For predefined keys where Compute Engine doesn'tautomatically set a value, you can choose from a set of values that are availabledepending on the system configuration.Forexample, to enable OS login for a VM, you can set the value of theenable-osloginpredefined key toTRUE for that VM. To disable OS login for that VM, you can updatethe value of the key toFALSE.You can only update the values for these keys but not the keys themselves.

This document provides information about the predefined metadata keys thatCompute Engine provides in yourinstance/ andproject/ metadatadirectories.

For information about how VM metadata for Compute Engine is defined, categorized, and arranged,seeAbout VM metadata.

Predefined project metadata keys

Predefined metadata keys for project metadata are stored under the followingdirectory:

http://metadata.google.internal/computeMetadata/v1/project/

The following table provides a list of metadata keys and directories thatCompute Engine automatically creates in theproject/ metadata directory:

Metadata entry Description

Metadata entry	Description
`attributes/`	A directory of custom metadata values passed to the VMs in your project during startup or shutdown. These custom values can either be Google Cloud attributes or user-created metadata values. For a list of project-level Google Cloud attributes that you can set, seeProject attributes. For more information about setting custom metadata, seeSet custom metadata.
`numeric-project-id`	Thenumeric project ID (project number) of the instance, which is not the same as the project name that is visible in theGoogle Cloud console. This value is different from the`project-id` metadata entry value.
`project-id`	Theproject ID.

attributes/

A directory of custom metadata values passed to the VMs in your project during startup or shutdown. These custom values can either be Google Cloud attributes or user-created metadata values.

For a list of project-level Google Cloud attributes that you can set, seeProject attributes.

For more information about setting custom metadata, seeSet custom metadata.

numeric-project-id Thenumeric project ID (project number) of the instance, which is not the same as the project name that is visible in theGoogle Cloud console. This value is different from theproject-id metadata entry value.

project-id Theproject ID.

Predefined project attribute metadata keys

Predefined metadata keys for project attributes are stored under the followingdirectory:

http://metadata.google.internal/computeMetadata/v1/project/attributes/

The following table provides a list of metadata keys that, if set for your project,Compute Engine creates in theproject/attributes/ metadata directory,along with its associated effect:

Metadata entry	Description
`disable-legacy-endpoints`	Disables legacy metadata server endpoints for all VMs in your project. Legacy endpoints are deprecated, always set`disable-legacy-endpoints=TRUE`.
`enable-guest-attributes`	Sets guest attributes for the project. Guest attributes are custom VM instance metadata values that you can use to publish infrequent status notifications, low volume data, or low frequency data. These values are useful for indicating when startup scripts have finished or for providing other infrequent status notifications to other applications. Note: Any user or process on your VM instance can read and write to the namespaces and keys in`guest-attributes` metadata. For more information about guest attributes, see Set and query guest attributes.
`enable-os-inventory`	Enables or disables OS inventory for the project. Collects and stores OS information. This includes information such as hostname, kernel version, architecture, and installed packages. For more information about OS inventory, seeView operating system details.
`enable-oslogin`	Enables or disables SSH key management on your project. For more information about OS Login, seeSet up OS Login.
`enable-windows-ssh`	Preview This product or feature is subject to the "Pre-GA Offerings Terms" in the General Service Terms section of the Service Specific Terms. Pre-GA products and features are available "as is" and might have limited support. For more information, see thelaunch stage descriptions. Enables or disables SSH for Windows VMs. For more information, seeConnect to Windows VMs using SSH.
`google-compute-default-data-protection`	If set, stores the default option that is used to back up new instances created in the project. For more information, seeConfigure the default backup setting for the console.
`google-compute-default-region`	If set, stores the default region that is used by the project. For more information about setting default regions, seeDefault region and zone.
`google-compute-default-zone`	If set, stores the default zone that is used by the project. For more information about setting default zones, seeDefault region and zone.
`ssh-keys`	If you aremanaging SSH keys using metadata, this attribute lets you configure public SSH keys that can connect to VMs in this project. If there are multiple SSH keys, each key is separated by a newline character (`\n`). The value of the`ssh-keys` attribute is a string. Example:`"user1:ssh-rsa mypublickey user1@host.com\nuser2:ssh-rsa mypublickey user2@host.com"` SSH keys managed byOS Login aren't visible in metadata.
`sshKeys`	Deprecated: Use`ssh-keys`.
`vmdnssetting`	Enable zonal DNS and global DNS for the VMs in your project. For more information about using zonal DNS names for your VMs, seeUse Zonal DNS for your internal DNS type.

Predefined instance metadata keys

Predefined metadata keys for instance metadata are stored under the followingdirectory:

http://metadata.google.internal/computeMetadata/v1/instance/

The following table provides a list of metadata keys and directories thatCompute Engine automatically creates in theinstance/ metadata directory:

Metadata entry	Description
`attributes/`	A directory of custom metadata values passed to the VM during startup or shutdown. These custom values can either be Google Cloud attributes or user-created metadata values. For a list of instance-level Google Cloud attributes that you can set, seeInstance attributes For more information about setting custom metadata, seeSet custom metadata.
`cpu-platform`	CPU platform of the VM. For information about CPU platforms, seeCPU platforms.
`description`	The free-text description of an instance that is assigned using the`--description` flag by using the Google Cloud CLI or the API.
`disks/`	A directory of disks that are attached to the VM. For each disk, the following information is available: `device-name` `index` `interface` `mode` `type` For more information about disks, seeStorage options.
`gce-workload-certificates/`(Preview)	Stores the following endpoints for the managed workload identities feature used by applications running in the VM. `config-status`: Contains any errors in the configuration values provided through the VM metadata. `workload-identities`: Contains the identities managed by the Compute Engine control plane. This endpoint contains the X.509 certificate and the private key for the VM's trust domain. `trust-anchors`: Contains a set of trusted certificates for peer X.509 certificate chain validation. For more information, seeAuthenticate workloads to other workloads over mTLS.
`guest-attributes/`	Sets guest attributes for the VM. These custom values can either be Google Cloud attributes or user-created metadata values. For a list of instance-level Google Cloud attributes that you can set, seeInstance guest attributes Note: Any user or process on your VM instance can read and write to the namespaces and keys in`guest-attributes` metadata. For more information about guest attributes, see Set and query guest attributes.
`hostname`	The hostname of the VM.
`id`	The ID of the VM. This is a unique, numerical ID generated by Compute Engine for your project and the zone of the VM. You can use this ID to identify your VM, especially if you haven't assigned a custom name to the VM.
`image`	The operating system image used by the VM. This value has the following format:`projects/IMAGE_PROJECT/global/images/IMAGE_NAME`.
`legacy-endpoint-access/`	Stores the list of legacy endpoints. Values are`0.1` and`v1beta1`.
`licenses/`	A list of license code IDs that are used to attach the licenses to images, snapshots, and disks.
`machine-type`	The machine type for this VM. This value has the following format:`projects/PROJECT_NUM/machineTypes/MACHINE_TYPE`
`maintenance-event`	Indicates whether a maintenance event is affecting this VM. For more information, seeLive migrate.
`name`	The name of the VM.
`network-interfaces/`	A directory of network interfaces. For each network interface the following information is available: `access-configs/` `external-ip` `type` `dns-servers` `forwarded-ips/` `gateway` `ip` `ip-aliases/` `mac` `mtu` `network` `subnetmask` `target-instance-ips` For more information about network interfaces, seeMultiple network interfaces overview.
`partner-attributes/`(Preview)	A directory containing namespaces within which metadata entries are stored. The namespaces are created by Google Cloud services, which use partner-attributes to store their configurations. When there are no services using the partner-attributes, the directory is empty. For example,managed workload identities use partner-attributes for its configurations.
`preempted`	A boolean value that indicates whether a VM is about to be preempted.
`scheduling/`	Sets the scheduling options for the VM. Scheduling metadata values include the following: `on-host-maintenance`: indicates whether the VM terminates or live migrates during host maintenance. `automatic-restart`: If this value is`TRUE`, the VM automatically restarts after a maintenance event or crash. `preemptible`: If this value is`TRUE`, the VM is preemptible. This value is set when you create a VM, and it can't be changed. For more information about scheduling options, seeSet instance availability policies.
`service-accounts/`	A directory of service accounts associated with the VM. For each service account, the following information is available: `aliases` `email`: The email address for the service account. `identity`: A JSON Web Token that is unique to the VM. You must include the`audience` parameter in your request for this VM metadata value. For example,`?audience=http://www.example.com`. For information about how to request and verify instance identity tokens, seeVerify VM identity. `scopes`: The access scopes assigned to the service account. `token`: The`OAuth2` access token that can be used to authenticate applications. For information about access tokens, see Authenticating applications directly with access tokens. For more information about how Compute Engine uses service accounts, seeService accounts.
`tags`	Lists any network tags associated with the VM. For more information about network tags, seeAdd network tags.
`virtual-clock/drift-token`	The accumulated drift of the VM clock. Initialized to zero during instance creation and increased by the accumulated clock skew as the VMlive migrates.
`zone`	The zone where this VM is located. This value has the following format:`projects/PROJECT_NUM/zones/ZONE`

Predefined instance attribute metadata keys

Predefined metadata keys for instance attributes are stored under the followingdirectory:

http://metadata.google.internal/computeMetadata/v1/instance/attributes/

The following table provides a list of metadata keys that, if set for yourinstance, Compute Enginecreates in theinstance/attributes/ metadata directory, along with its associated effect:

Metadata entry	Description
`physical_host`	A hash string that represents the location of a VM created with a compact placement policy. For more information about this attribute, seeVerify the physical location of a VM.
`enable-oslogin`	Enables or disables SSH key management on your VM. For more information about OS Login, seeSet up OS Login.
`enable-windows-ssh` (Preview)	Enables or disables SSH for Windows VMs. For more information, seeConnect to Windows VMs using SSH.
`enable-workload-certificate` (Preview)	Enables or disables managed workload identities on a VM. For more information, seeEnable managed workload identities for individual VMs.
`vmdnssetting`	Enable zonal DNS and global DNS for the VM. For more information about using zonal DNS names for your VMs DNS, seeUse Zonal DNS for your internal DNS type.
`ssh-keys`	If you aremanaging SSH keys using metadata, this attribute lets you configure public SSH keys that can connect to VMs in this project. If there are multiple SSH keys, each key is separated by a newline character (`\n`). The value of the`ssh-keys` attribute is a string. Example:`"user1:ssh-rsa mypublickey user1@host.com\nuser2:ssh-rsa mypublickey user2@host.com"` SSH keys managed byOS Login aren't visible in metadata.
`block-project-ssh-keys`	Block project SSH keys from VMs that use metadata-based SSH keys. For more information, see Restrict SSH keys from VMs.
`disable-https-mds-setup`	Disables automatic HTTPS Metadata Server certificate provisioning by Compute Engine. For more information, see Enable automatic certificate setup.
`enable-https-mds-native-cert-store`	Enables Compute Engine to add the root certificate to the OS trust store during automatic HTTPS Metadata Server certificate provisioning. For more information, see Enabling root certificate storage in OS trust store.

Predefined guest attribute metadata keys

Predefined metadata keys for instance guest attributes are stored under thefollowing directory:

http://metadata.google.internal/computeMetadata/v1/instance/guest-attributes/

The following table provides a list of metadata keys and directories thatCompute Engine automatically creates in theinstance/guest-attributes/ metadatadirectory:

Metadata entry Description

Metadata entry	Description
`guestInventory/`	Stores OS inventory for the VM. Collects and stores OS details information. This includes information such as hostname, kernel version, architecture, and installed packages details. For more information about OS inventory, seeView operating system details.
`hostkeys/`	Stores SSH host keys. Host keys can be used to identify a particular host or machine. For information host keys, seeStoring host keys by enabling guest attributes.

guestInventory/

Stores OS inventory for the VM.

Collects and stores OS details information. This includes information such as hostname, kernel version, architecture, and installed packages details.

For more information about OS inventory, seeView operating system details.

hostkeys/

Stores SSH host keys. Host keys can be used to identify a particular host or machine.

For information host keys, seeStoring host keys by enabling guest attributes.

What's next?

Learn more aboutVM metadata.
Learn how toset custom metadata.
Learn how toset and query guest attributes.
Learn how toview and query VM metadata.

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-12-15 UTC.

Movatterモバイル変換

Predefined metadata keys Stay organized with collections Save and categorize content based on your preferences.