Google Cloud Storage

Open a namespace

import os
os.environ["GOOGLE_APPLICATION_CREDENTIALS"] = "/etc/gcs-key.json"

import namidb as tg
client = tg.Client("gs://my-bucket/data?ns=prod")

Or pin the service-account path per URI:

client = tg.Client(
    "gs://my-bucket?ns=prod&service_account=/etc/gcs-key.json"
)

Permissions

The service account needs:

• storage.objects.get
• storage.objects.create
• storage.objects.delete
• storage.objects.list

The pre-built Storage Object User role covers all four.

Workload Identity (GKE / Cloud Run)

When NamiDB runs inside GCP, prefer Workload Identity Federation over a long-lived JSON key. NamiDB picks up the federated identity through the standard GOOGLE_APPLICATION_CREDENTIALS chain — no NamiDB-specific config needed.

Conditional writes

GCS supports the x-goog-if-generation-match header, which object_store maps to the same conditional-write semantics NamiDB uses on S3. The same single-writer-per-namespace + epoch-CAS invariants apply.

See also

• URI grammar
• Configuration