Edit on GitHub

Setup a Google Drive DVC Remote

In this guide we explain the existing ways to setup Google Drive remote storage for your DVC projects, along with the different benefits each one brings.

DVC uses the Google Drive API to synchronize your DVC project data with this type of remote storage, so it's subject to certain usage limits and quotas, which by default are shared with other GDrive remote storage users. For heavy use, it's highly recommended to connect using a custom Google Cloud project, which puts you in control of these limits.

Having your own GC project, it's also possible to use a service account for automating tasks that need to establish GDrive remote connections (e.g. CI/CD).

Quick start

To start using a Google Drive remote, you only need to add it with a valid URL format. Then use any DVC command that needs it (e.g. dvc pull, dvc fetch, dvc push). For example:

$ dvc remote add --default myremote \
                           gdrive://0AIac4JZqHhKmUk9PDA/dvcstore
$ dvc push

Go to the following link in your browser:

    https://accounts.google.com/o/oauth2/auth # ... copy this link

Enter verification code: # <- enter resulting code

See Authorization for more details.

URL format

There's a few alternatives to construct a GDrive remote URL for different uses, such as a folder or subfolder in root, shared folders not owned by your account, etc. The URL is formed with a base, and an optional path to an existing folder i.e. gdrive://<base>/path/to/folder. The base can be one of:

  1. Folder ID (recommended) - unique identifier for every Google Drive folder, including shared folders and shared drives* (these two can only be referenced by ID).

    $ dvc remote add myremote gdrive://0AIac4JZqHhKmUk9PDA

    or

    $ dvc remote add myremote \
                         gdrive://0AIac4JZqHhKmUk9PDA/Data/text

    0AIac4JZqHhKmUk9PDA above is the folder ID, and it can be found in the web browser address bar, for example https://drive.google.com/drive/folders/0AIac4JZqHhKmUk9PDA.

    * Please note the Shared drive limits on storage and uploads.

  2. root - indicates your topmost Google Drive folder ("My Drive").

    ⚠️ Only suitable for personal use, as sharing a remote configured this way would cause DVC to try synchronizing data to/from different Google Drives for every user.

    $ dvc remote add myremote gdrive://root/dvcstore

    We don't recommend using gdrive://root by itself, as it's likely used for many other reasons, and pushing data with DVC here can make it messy.

  3. appDataFolder - special hidden folder (unique per user) meant to store application-specific data. This is a good choice to prevent accidentally deleting remote storage data from the Google Drive web UI.

    ⚠️ Only suitable for personal use.

    $ dvc remote add myremote gdrive://appDataFolder

Optionally, follow these steps to create your own Google Cloud project and generate OAuth credentials for your GDrive remotes to connect to Google Drive. We highly recommend this for heavy use and advanced needs because:

  • you control your Google API usage limits, being able to request Google for an increase if needed.
  • it ensures optimal data transfer performance when you need it.
  • using a service account for automation tasks (e.g. CI/CD) is only possible this way.

DVC uses the Google Drive API to connect to your Google Drive. This requires a Google Cloud project that allows Drive API connections, and its OAuth credentials (client ID and client secret).

  1. Sign into the Google API Console.

    Double check you're using the intended Google account (upper-right corner).

  2. Select or Create a project for DVC remote connections.
  3. Enable the Drive API from the APIs & Services Dashboard (left sidebar), click on + ENABLE APIS AND SERVICES. Find and select the "Google Drive API" in the API Library, and click on the ENABLE button.

  4. Go back to APIs & Services in the left sidebar, and select OAuth consent screen. Chose a User Type and click CREATE. On the next screen, enter an Application name e.g. "DVC remote storage", and click the Save (scroll to bottom).
  5. From the left sidebar, select Credentials, and click the Create credentials dropdown to select OAuth client ID. Chose Other and click Create to proceed with a default client name.

  6. The newly generated client ID and client secret should be shown to you now, and you can always come back to Credentials to fetch them.

✅ It should be safe to share client ID and client secret among your team. These credentials are only used to generate the authorization URL you'll need to visit later in order to connect to the Google Drive.

Finally, use the dvc remote modify command to set the credentials (for each GDrive remote), for example:

$ dvc remote modify myremote gdrive_client_id <client ID>
$ dvc remote modify myremote gdrive_client_secret <client secret>

Note that Google Drive API usage limits/quotas apply per project client and can be reviewed in the OAuth consent screen. Please keep this in mind when sharing them, or you may exceed the limits.

Using service accounts

A service account is a Google account associated with your GCP project, and not a specific user. They are intended for scenarios where your code needs to access data on its own, e.g. running inside a Compute Engine, automatic CI/CD, etc. No interactive user OAuth authentication is needed.

This requires having your own GC project as explained above.

  1. To create a service account, navigate to IAM & Admin in the left sidebar, and select Service Accounts. Click + CREATE SERVICE ACCOUNT, on the next screen, enter Service account name e.g. "My DVC project", and click Create. Select Continue at the next Service account permissions page, click at + CREATE KEY, select P12 and Create. Download the generated .p12 key file to a safe location.

    ⚠️ Be careful about sharing the key file with others.

  2. Configure the remote to use the service account and tell if where to find the key file:

    $ dvc remote modify myremote gdrive_use_service_account true
    $ dvc remote modify myremote gdrive_service_account_email <service acct email>
    $ dvc remote modify myremote gdrive_service_account_p12_file_path path/to/file.p12

Authorization

On the first usage of a GDrive remote, for example when trying to dvc push for the first time after adding the remote with a valid URL, DVC will prompt you to visit a special Google authentication web page. There you'll need to sign into your Google account. The auth process will ask you to grant DVC the necessary permissions, and produce a verification code needed for DVC to complete the connection. On success, the necessary credentials will be saved in a Git-ignored file, located in .dvc/tmp/gdrive-user-credentials.json and they will be used automatically next time you run DVC.

⚠️ In order to prevent unauthorized access to your Google Drive, do not share these credentials with others. Each team member should go through this process individually.

If you use multiple GDrive remotes, by default they will be sharing the same .dvc/tmp/gdrive-user-credentials.json credentials file. It can be overridden with the gdrive_user_credentials_file setting:

$ dvc remote modify myremote gdrive_user_credentials_file \
                    .dvc/tmp/myremote-credentials.json

If you edit the config file manually, value must be either an absolute path or a path relative to the config file location.

⚠️ In order to prevent unauthorized access to your Google Drive, never commit this file with Git. Instead, add it into .gitignore and never share it with other people.

If you wish to change the user you have authenticated with, or for troubleshooting misc. token errors, simply remove the user credentials JSON file and authorize again.

Alternatively, a GDRIVE_CREDENTIALS_DATA can be set to pass user credentials in CI/CD systems, production setup, read-only file systems, etc. The content of this variable should be a string with JSON that has the same format as in the credentials files described above, and usually you get it going through the same authentication process. DVC reads this variable first, before the credentials file.

Please note our Privacy Policy (Google APIs).

Content

🐛 Found an issue? Let us know! Or fix it:

Edit on GitHub

Have a question? Join our chat, we will help you:

Discord Chat