Connect to Looker with MCP Toolbox in Google Cloud Run

How to start an MCP Toolbox instance in Google Cloud Run to connect to Looker.

  2 minute read  

Running MCP Toolbox in Google Cloud Run

It is easy to run MCP Toolbox in Google Cloud Run.

  1. Navigate to Cloud Run Overview in a Google Cloud Console project. Choose “Deploy container”:

    Deploy a Web Service

  2. Set the “Image name” to us-central1-docker.pkg.dev/database-toolbox/toolbox/toolbox:latest. Set the “Service name” to looker-mcp-toolbox and choose the “Region”. Note the “Endpoint URL”, you will need it later. Set the “Authentication” to “Public”.

    Image configuration

  3. Set “Service scaling” to Auto with a minimum number of instances of “1”. Set “Ingress” to “All”.

    Image configuration 2

  4. Now open the drop down for “Containers, Networking, Security”.

  5. Under “Container settings” set “Container arguments” to --prebuilt=looker,looker-dev, --port=8080, --address=0.0.0.0, and --mcp-prm-file=/app/prm_file.

    Container Settings

  6. Under “Variables & Secrets” set LOOKER_BASE_URL, setting it to the URL of your Looker server, and LOOKER_USE_CLIENT_OAUTH=true.

    Container variables

  7. Under “Container Volumes” mount a new Secret Volume with a mount path of /app. Create a new secret prm_file with the contents of the PRM, for example:

    {
"resource": "https://<your-cloud-run-url>/mcp",
"authorization_servers": ["https://<your-looker-instance>.looker.com"],
"scopes_supported": ["cors_api"]
}

    Create secret

    Container secret volume

  8. You may also need to go to IAM and grant the role “Secret Manager Secret Accessor” to your compute service account identity.

  9. Now click “Done” in the lower right corner. Then click Create to start the service.

  10. Validate the service is running by going to the URL, followed by /.well-known/oauth-protected-resource.

Tip

Be sure to look at the Toolbox CLI Reference, specifically the subsection on “Hardening Toolbox” for security recommendations. You may want to specify additional settings under “Container arguments”.

Using the MCP Toolbox Via OAuth and Gemini CLI

  1. Follow the directions to register the OAuth App in Looker

  2. In $HOME/.gemini/settings.json add the following stanza, using the Endpoint URL you saved earlier with /mcp appended.

    "mcpServers": {
    "looker": {
        "httpUrl": "https://<your-cloud-run-url>/mcp",
        "oauth": {
            "clientId": "gemini-cli",
            "redirectUri": "http://localhost:7777/oauth/callback"
        }
    }
},

  3. Start Gemini CLI and issue the command /mcp auth looker. Gemini CLI will start the OAuth flow. Approve access in the browser.

  4. Validate that everything works by issuing a prompt in Gemini CLI like “What Looker models do I have access to?”



Last modified June 18, 2026: chore(main): release 1.5.0 (#3379) (45c0f86)