diff --git a/.circleci/bazel.rc b/.circleci/bazel.rc
index b63cdfecbd..da0906c648 100644
--- a/.circleci/bazel.rc
+++ b/.circleci/bazel.rc
@@ -20,18 +20,6 @@ build --announce_rc
 # We use this when uploading artifacts after the build finishes
 build --symlink_prefix=dist/
 
-# Enable experimental CircleCI bazel remote cache proxy
-# See remote cache documentation in /docs/BAZEL.md
-build --experimental_remote_spawn_cache --remote_rest_cache=http://localhost:7643
-
-# Prevent unstable environment variables from tainting cache keys
-build --experimental_strict_action_env
-
-# Save downloaded repositories such as the go toolchain
-# This directory can then be included in the CircleCI cache
-# It should save time running the first build
-build --experimental_repository_cache=/home/circleci/bazel_repository_cache
-
 # Workaround https://github.com/bazelbuild/bazel/issues/3645
 # Bazel doesn't calculate the memory ceiling correctly when running under Docker.
 # Limit Bazel to consuming resources that fit in CircleCI "xlarge" class
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 9514d30e92..f936f29bde 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -180,12 +180,20 @@ jobs:
       - checkout:
           <<: *post_checkout
       # See remote cache documentation in /docs/BAZEL.md
-      - run: .circleci/setup_cache.sh
       - run: sudo cp .circleci/bazel.rc /etc/bazel.bazelrc
-      - *setup-bazel-remote-cache
-
       - run: bazel run @nodejs//:yarn
-      - run: scripts/build-packages-dist.sh
+      - run:
+          # RBE is enabled by appending rbe-bazel.rc.
+          name: Enable RBE
+          command: 'sudo bash -c "cat .circleci/rbe-bazel.rc >> /etc/bazel.bazelrc"'
+      - run:
+          name: "Setup GCP environment"
+          command: 'openssl aes-256-cbc -d -in .circleci/gcp_token -k "${CIRCLE_PROJECT_REPONAME}" -out /home/circleci/.gcp_credentials'
+      - run:
+          name: build-packages-dist
+          command: scripts/build-packages-dist.sh
+          environment:
+            GOOGLE_APPLICATION_CREDENTIALS: /home/circleci/.gcp_credentials
 
       # Save the npm packages from //packages/... for other workflow jobs to read
       # https://circleci.com/docs/2.0/workflows/#using-workspaces-to-share-data-among-jobs
@@ -293,4 +301,4 @@ workflows:
                 - master
 notify:
   webhooks:
-    - url: https://ngbuilds.io/circle-build
\ No newline at end of file
+    - url: https://ngbuilds.io/circle-build
diff --git a/.circleci/gcp_token b/.circleci/gcp_token
new file mode 100644
index 0000000000..c77bcf6345
Binary files /dev/null and b/.circleci/gcp_token differ
diff --git a/.circleci/rbe-bazel.rc b/.circleci/rbe-bazel.rc
new file mode 100644
index 0000000000..d76aaeffa1
--- /dev/null
+++ b/.circleci/rbe-bazel.rc
@@ -0,0 +1,77 @@
+# These options are enabled when running on CI with Remote Build Execution.
+
+################################################################
+# Toolchain related flags for remote build execution.          #
+################################################################
+# Remote Build Execution requires a strong hash function, such as SHA256.
+startup --host_jvm_args=-Dbazel.DigestFunction=SHA256
+
+# Depending on how many machines are in the remote execution instance, setting
+# this higher can make builds faster by allowing more jobs to run in parallel.
+# Setting it too high can result in jobs that timeout, however, while waiting
+# for a remote machine to execute them.
+build --jobs=150
+
+# Set several flags related to specifying the platform, toolchain and java
+# properties.
+# These flags are duplicated rather than imported from (for example)
+# %workspace%/configs/ubuntu16_04_clang/1.0/toolchain.bazelrc to make this
+# bazelrc a standalone file that can be copied more easily.
+# These flags should only be used as is for the rbe-ubuntu16-04 container
+# and need to be adapted to work with other toolchain containers.
+build --host_javabase=@bazel_toolchains//configs/ubuntu16_04_clang/1.0:jdk8
+build --javabase=@bazel_toolchains//configs/ubuntu16_04_clang/1.0:jdk8
+build --host_java_toolchain=@bazel_tools//tools/jdk:toolchain_hostjdk8
+build --java_toolchain=@bazel_tools//tools/jdk:toolchain_hostjdk8
+build --crosstool_top=@bazel_toolchains//configs/ubuntu16_04_clang/1.0/bazel_0.15.0/default:toolchain
+build --action_env=BAZEL_DO_NOT_DETECT_CPP_TOOLCHAIN=1
+# Platform flags:
+# The toolchain container used for execution is defined in the target indicated
+# by "extra_execution_platforms", "host_platform" and "platforms".
+# If you are using your own toolchain container, you need to create a platform
+# target with "constraint_values" that allow for the toolchain specified with
+# "extra_toolchains" to be selected (given constraints defined in
+# "exec_compatible_with").
+# More about platforms: https://docs.bazel.build/versions/master/platforms.html
+build --extra_toolchains=@bazel_toolchains//configs/ubuntu16_04_clang/1.0/bazel_0.15.0/cpp:cc-toolchain-clang-x86_64-default
+build --extra_execution_platforms=@bazel_toolchains//configs/ubuntu16_04_clang/1.0:rbe_ubuntu1604
+build --host_platform=@bazel_toolchains//configs/ubuntu16_04_clang/1.0:rbe_ubuntu1604
+build --platforms=@bazel_toolchains//configs/ubuntu16_04_clang/1.0:rbe_ubuntu1604
+
+# Set various strategies so that all actions execute remotely. Mixing remote
+# and local execution will lead to errors unless the toolchain and remote
+# machine exactly match the host machine.
+build --spawn_strategy=remote
+build --strategy=Javac=remote
+build --strategy=Closure=remote
+build --genrule_strategy=remote
+build --define=EXECUTOR=remote
+
+# Enable the remote cache so action results can be shared across machines,
+# developers, and workspaces.
+build --remote_cache=remotebuildexecution.googleapis.com
+
+# Enable remote execution so actions are performed on the remote systems.
+build --remote_executor=remotebuildexecution.googleapis.com
+
+# Remote instance.
+build --remote_instance_name=projects/internal-200822/instances/default_instance
+
+# Enable encryption.
+build --tls_enabled=true
+
+# Enforce stricter environment rules, which eliminates some non-hermetic
+# behavior and therefore improves both the remote cache hit rate and the
+# correctness and repeatability of the build.
+build --experimental_strict_action_env=true
+
+# Set a higher timeout value, just in case.
+build --remote_timeout=3600
+
+# Enable authentication. This will pick up application default credentials by
+# default. You can use --auth_credentials=some_file.json to use a service
+# account credential instead.
+build --auth_enabled=true
+
+# Do not accept remote cache.
+build --remote_accept_cached=false
diff --git a/WORKSPACE b/WORKSPACE
index 82057ef802..6dc1dd1ce0 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -18,6 +18,16 @@ http_archive(
     sha256 = "95518adafc9a2b656667bbf517a952e54ce7f350779d0dd95133db4eb5c27fb1",
 )
 
+http_archive(
+  name = "bazel_toolchains",
+  urls = [
+    "https://mirror.bazel.build/github.com/bazelbuild/bazel-toolchains/archive/5124557861ebf4c0b67f98180bff1f8551e0b421.tar.gz",
+    "https://github.com/bazelbuild/bazel-toolchains/archive/5124557861ebf4c0b67f98180bff1f8551e0b421.tar.gz",
+  ],
+  strip_prefix = "bazel-toolchains-5124557861ebf4c0b67f98180bff1f8551e0b421",
+  sha256 = "c3b08805602cd1d2b67ebe96407c1e8c6ed3d4ce55236ae2efe2f1948f38168d",
+)
+
 http_archive(
     name = "io_bazel_rules_webtesting",
     url = "https://github.com/bazelbuild/rules_webtesting/archive/0.2.1.zip",