gcloud alpha firestore databases clone

NAME
gcloud alpha firestore databases clone - clone a Google Cloud Firestore database from another
SYNOPSIS
gcloud alpha firestore databases clone--destination-database=DESTINATION_DATABASE--snapshot-time=SNAPSHOT_TIME--source-database=SOURCE_DATABASE[--tags=[KEY=VALUE,…]][--encryption-type=ENCRYPTION_TYPE :--kms-key-name=KMS_KEY_NAME][GCLOUD_WIDE_FLAG]
EXAMPLES
To clone a database from another:
gcloudalphafirestoredatabasesclone--source-database=projects/PROJECT_ID/databases/SOURCE_DATABASE--snapshot-time=2025-05-26T10:20:00.00Z--destination-database=DATABASE_ID

To clone to a CMEK-enabled database:

gcloudalphafirestoredatabasesclone--source-database=projects/PROJECT_ID/databases/SOURCE_DATABASE--snapshot-time=2025-05-26T10:20:00.00Z--destination-database=DATABASE_ID--encryption-type=customer-managed-encryption--kms-key-name=projects/PROJECT_ID/locations/LOCATION_ID/keyRings/KEY_RING_ID/cryptoKeys/CRYPTO_KEY_ID
REQUIRED FLAGS
--destination-database=DESTINATION_DATABASE
Destination database to clone to. Destination database will be created in thesame location as the source database.

This value should be 4-63 characters. Valid characters are /[a-z][0-9]-/ withfirst character a letter and the last a letter or a number. Must not beUUID-like /[0-9a-f]8(-[0-9a-f]4)3-[0-9a-f]12/.

Using "(default)" database ID is also allowed.

For example, to clone to databasetestdb:

gcloudalphafirestoredatabasesclone--destination-database=testdb
--snapshot-time=SNAPSHOT_TIME
Snapshot time at which to clone. This must be a whole minute, in the past, andnot earlier than the source database's earliest_version_time. Additionally, ifolder than one hour in the past, PITR must be enabled on the source database.

For example, to restore from snapshot2025-05-26T10:20:00.00Z ofsource databasesource-db:

gcloudalphafirestoredatabasesclone--source-database=projects/PROJECT_ID/databases/source-db--snapshot-time=2025-05-26T10:20:00.00Z
--source-database=SOURCE_DATABASE
The source database to clone from.

For example, to clone from database source-db:

gcloudalphafirestoredatabasesclone--source-database=projects/PROJECT_ID/databases/source-db
OPTIONAL FLAGS
--tags=[KEY=VALUE,…]
Tags to attach to the destination database. Example:--tags=key1=value1,key2=value2

For example, to attach tags to a database:

$ --tags=key1=value1,key2=value2

The encryption configuration of the new database being created from thedatabase. If not specified, the same encryption settings as the database will beused.

To create a CMEK-enabled database:

gcloudalphafirestoredatabasesclone--encryption-type=customer-managed-encryption--kms-key-name=projects/PROJECT_ID/locations/LOCATION_ID/keyRings/KEY_RING_ID/cryptoKeys/CRYPTO_KEY_ID

To create a Google-default-encrypted database:

gcloudalphafirestoredatabasesclone--encryption-type=google-default-encryption

To create a database using the same encryption settings as the database:

gcloudalphafirestoredatabasesclone--encryption-type=use-source-encryption
--encryption-type=ENCRYPTION_TYPE
The encryption type of the destination database.ENCRYPTION_TYPE must be one of:use-source-encryption,customer-managed-encryption,google-default-encryption.

This flag argument must be specified if any of the other arguments in this groupare specified.

--kms-key-name=KMS_KEY_NAME
The resource ID of a Cloud KMS key. If set, the database created will be aCustomer-Managed Encryption Key (CMEK) database encrypted with this key. Thisfeature is allowlist only in initial launch.

Only a key in the same location as this database is allowed to be used forencryption. For Firestore's nam5 multi-region, this corresponds to Cloud KMSlocation us. For Firestore's eur3 multi-region, this corresponds to Cloud KMSlocation europe. Seehttps://cloud.google.com/kms/docs/locations.

This value should be the KMS key resource ID in the format ofprojects/{project_id}/locations/{kms_location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}.How to retrieve this resource ID is listed athttps://cloud.google.com/kms/docs/getting-resource-ids#getting_the_id_for_a_key_and_version.This flag must only be specified when encryption-type iscustomer-managed-encryption.

GCLOUD WIDE FLAGS
These flags are available to all commands:--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.

Run$gcloud help for details.

NOTES
This command is currently in alpha and might change without notice. If thiscommand fails with API permission errors despite specifying the correct project,you might be trying to access an API with an invitation-only early accessallowlist. These variants are also available:
gcloudfirestoredatabasesclone
gcloudbetafirestoredatabasesclone

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-11-11 UTC.