File: //snap/google-cloud-cli/394/help/man/man1/gcloud_alpha_firestore_databases_clone.1
.TH "GCLOUD_ALPHA_FIRESTORE_DATABASES_CLONE" 1
.SH "NAME"
.HP
gcloud alpha firestore databases clone \- clone a Google Cloud Firestore database from another
.SH "SYNOPSIS"
.HP
\f5gcloud alpha firestore databases clone\fR \fB\-\-destination\-database\fR=\fIDESTINATION_DATABASE\fR \fB\-\-snapshot\-time\fR=\fISNAPSHOT_TIME\fR \fB\-\-source\-database\fR=\fISOURCE_DATABASE\fR [\fB\-\-tags\fR=[\fIKEY\fR=\fIVALUE\fR,...]] [\fB\-\-encryption\-type\fR=\fIENCRYPTION_TYPE\fR\ :\ \fB\-\-kms\-key\-name\fR=\fIKMS_KEY_NAME\fR] [\fIGCLOUD_WIDE_FLAG\ ...\fR]
.SH "EXAMPLES"
To clone a database from another:
.RS 2m
$ gcloud alpha firestore databases clone \e
\-\-source\-database=projects/PROJECT_ID/databases/\e
SOURCE_DATABASE \-\-snapshot\-time=2025\-05\-26T10:20:00.00Z \e
\-\-destination\-database=DATABASE_ID
.RE
To clone to a CMEK\-enabled database:
.RS 2m
$ gcloud alpha firestore databases clone \e
\-\-source\-database=projects/PROJECT_ID/databases/\e
SOURCE_DATABASE \-\-snapshot\-time=2025\-05\-26T10:20:00.00Z \e
\-\-destination\-database=DATABASE_ID \e
\-\-encryption\-type=customer\-managed\-encryption \e
\-\-kms\-key\-name=projects/PROJECT_ID/locations/LOCATION_ID/\e
keyRings/KEY_RING_ID/cryptoKeys/CRYPTO_KEY_ID
.RE
.SH "REQUIRED FLAGS"
.RS 2m
.TP 2m
\fB\-\-destination\-database\fR=\fIDESTINATION_DATABASE\fR
Destination database to clone to. Destination database will be created in the
same location as the source database.
This value should be 4\-63 characters. Valid characters are /[a\-z][0\-9]\-/
with first character a letter and the last a letter or a number. Must not be
UUID\-like /[0\-9a\-f]8(\-[0\-9a\-f]4)3\-[0\-9a\-f]12/.
Using "(default)" database ID is also allowed.
For example, to clone to database \f5testdb\fR:
.RS 2m
$ gcloud alpha firestore databases clone \e
\-\-destination\-database=testdb
.RE
.TP 2m
\fB\-\-snapshot\-time\fR=\fISNAPSHOT_TIME\fR
Snapshot time at which to clone. This must be a whole minute, in the past, and
not earlier than the source database's earliest_version_time. Additionally, if
older than one hour in the past, PITR must be enabled on the source database.
For example, to restore from snapshot \f52025\-05\-26T10:20:00.00Z\fR of source
database \f5source\-db\fR:
.RS 2m
$ gcloud alpha firestore databases clone \e
\-\-source\-database=projects/PROJECT_ID/databases/source\-db \e
\-\-snapshot\-time=2025\-05\-26T10:20:00.00Z
.RE
.TP 2m
\fB\-\-source\-database\fR=\fISOURCE_DATABASE\fR
The source database to clone from.
For example, to clone from database source\-db:
.RS 2m
$ gcloud alpha firestore databases clone \e
\-\-source\-database=projects/PROJECT_ID/databases/source\-db
.RE
.RE
.sp
.SH "OPTIONAL FLAGS"
.RS 2m
.TP 2m
\fB\-\-tags\fR=[\fIKEY\fR=\fIVALUE\fR,...]
Tags to attach to the destination database. Example:
\-\-tags=key1=value1,key2=value2
For example, to attach tags to a database:
$ \-\-tags=key1=value1,key2=value2
.TP 2m
The encryption configuration of the new database being created from the
database. If not specified, the same encryption settings as the database will be
used.
To create a CMEK\-enabled database:
.RS 2m
$ gcloud alpha firestore databases clone \e
\-\-encryption\-type=customer\-managed\-encryption \e
\-\-kms\-key\-name=projects/PROJECT_ID/locations/LOCATION_ID/\e
keyRings/KEY_RING_ID/cryptoKeys/CRYPTO_KEY_ID
.RE
To create a Google\-default\-encrypted database:
.RS 2m
$ gcloud alpha firestore databases clone \e
\-\-encryption\-type=google\-default\-encryption
.RE
To create a database using the same encryption settings as the database:
.RS 2m
$ gcloud alpha firestore databases clone \e
\-\-encryption\-type=use\-source\-encryption
.RE
.RS 2m
.TP 2m
\fB\-\-encryption\-type\fR=\fIENCRYPTION_TYPE\fR
The encryption type of the destination database. \fIENCRYPTION_TYPE\fR must be
one of: \fBuse\-source\-encryption\fR, \fBcustomer\-managed\-encryption\fR,
\fBgoogle\-default\-encryption\fR.
This flag argument must be specified if any of the other arguments in this group
are specified.
.TP 2m
\fB\-\-kms\-key\-name\fR=\fIKMS_KEY_NAME\fR
The resource ID of a Cloud KMS key. If set, the database created will be a
Customer\-Managed Encryption Key (CMEK) database encrypted with this key. This
feature is allowlist only in initial launch.
Only a key in the same location as this database is allowed to be used for
encryption. For Firestore's nam5 multi\-region, this corresponds to Cloud KMS
location us. For Firestore's eur3 multi\-region, this corresponds to Cloud KMS
location europe. See https://cloud.google.com/kms/docs/locations.
This value should be the KMS key resource ID in the format of
\f5projects/{project_id}/locations/{kms_location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}\fR.
How to retrieve this resource ID is listed at
https://cloud.google.com/kms/docs/getting\-resource\-ids#getting_the_id_for_a_key_and_version.
This flag must only be specified when encryption\-type is
\f5customer\-managed\-encryption\fR.
.RE
.RE
.sp
.SH "GCLOUD WIDE FLAGS"
These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.
Run \fB$ gcloud help\fR for details.
.SH "NOTES"
This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct project,
you might be trying to access an API with an invitation\-only early access
allowlist.