{"id":50543841,"url":"https://github.com/colonelpanic8/gmail-mcp","last_synced_at":"2026-06-03T22:01:53.768Z","repository":{"id":334667100,"uuid":"1142222158","full_name":"colonelpanic8/gmail-mcp","owner":"colonelpanic8","description":"Gmail MCP Server with Nix flake and agenix secrets","archived":false,"fork":false,"pushed_at":"2026-02-03T23:03:29.000Z","size":10,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2026-02-04T11:42:51.024Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Nix","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/colonelpanic8.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-01-26T05:39:29.000Z","updated_at":"2026-02-03T23:03:38.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/colonelpanic8/gmail-mcp","commit_stats":null,"previous_names":["colonelpanic8/gmail-mcp"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/colonelpanic8/gmail-mcp","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/colonelpanic8%2Fgmail-mcp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/colonelpanic8%2Fgmail-mcp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/colonelpanic8%2Fgmail-mcp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/colonelpanic8%2Fgmail-mcp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/colonelpanic8","download_url":"https://codeload.github.com/colonelpanic8/gmail-mcp/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/colonelpanic8%2Fgmail-mcp/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33881107,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-03T02:00:06.370Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-06-03T22:01:53.694Z","updated_at":"2026-06-03T22:01:53.763Z","avatar_url":"https://github.com/colonelpanic8.png","language":"Nix","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Gmail MCP Server\n\nA Nix flake for running the [Gmail MCP Server](https://github.com/GongRzhe/Gmail-MCP-Server) with encrypted credentials managed via agenix.\n\n## Project Structure\n\n```\ngmail-mcp/\n├── flake.nix                              # Nix flake with all scripts and dependencies\n├── flake.lock                             # Locked dependencies\n├── secrets.nix                            # Age public keys for encryption\n├── secrets/\n│   ├── gmail-oauth-credentials.json.age   # Encrypted Google OAuth client credentials\n│   └── gmail-oauth-token.json.age         # Encrypted OAuth refresh token\n├── .gitignore                             # Excludes unencrypted secrets\n└── .envrc                                 # direnv configuration\n```\n\n## Prerequisites\n\n- Nix with flakes enabled\n- An SSH ed25519 key at `~/.ssh/id_ed25519`\n- direnv (optional but recommended)\n\n## Quick Start (Existing Setup)\n\nIf the encrypted secrets already exist and your SSH key is in `secrets.nix`:\n\n```bash\ngit clone https://github.com/colonelpanic8/gmail-mcp.git\ncd gmail-mcp\ndirenv allow  # or: nix develop\ngmail-mcp-setup  # Decrypts credentials to ~/.gmail-mcp/\n```\n\nThen configure Claude Code:\n\n```bash\nclaude mcp add --scope user gmail -- nix run github:colonelpanic8/gmail-mcp\n```\n\n## Initial Setup (New Installation)\n\n### 1. Clone and enter the development shell\n\n```bash\ngit clone https://github.com/colonelpanic8/gmail-mcp.git\ncd gmail-mcp\ndirenv allow  # or: nix develop\n```\n\n### 2. Set up Google Cloud OAuth\n\n1. Create a Google Cloud project at https://console.cloud.google.com\n2. Enable the Gmail API\n3. Configure OAuth consent screen (External, add your email as test user)\n4. Create OAuth credentials (Desktop app)\n5. Download the credentials JSON\n\n### 3. Add your age public key to secrets.nix\n\n```bash\n# Get your age public key from your SSH key\nssh-to-age \u003c ~/.ssh/id_ed25519.pub\n\n# Edit secrets.nix and replace/add your public key\n```\n\n### 4. Encrypt your credentials\n\n```bash\n# Encrypt the OAuth client credentials\nage -r \"YOUR_AGE_PUBLIC_KEY\" -o secrets/gmail-oauth-credentials.json.age credentials.json\n\n# Remove the unencrypted file\nrm credentials.json\n```\n\n### 5. Authenticate with Gmail\n\n```bash\ngmail-mcp-setup  # Decrypts credentials to ~/.gmail-mcp/\nnpx @gongrzhe/server-gmail-autoauth-mcp auth  # Opens browser for OAuth\ngmail-mcp-encrypt-token  # Encrypts the token for portability\ngit add secrets/gmail-oauth-token.json.age \u0026\u0026 git commit -m \"Add encrypted token\"\n```\n\n## Commands\n\n| Command | Description |\n|---------|-------------|\n| `gmail-mcp-setup` | Decrypt credentials and token to `~/.gmail-mcp/` |\n| `gmail-mcp-server` | Run the Gmail MCP server |\n| `gmail-mcp-encrypt-token` | Encrypt token after OAuth authentication |\n\n## Testing the Setup\n\n```bash\n# Verify credentials are decrypted\nls -la ~/.gmail-mcp/\n# Should show: gcp-oauth.keys.json and credentials.json\n\n# Test the server starts (Ctrl+C to stop)\ngmail-mcp-server\n\n# The server communicates via stdio - it will appear to hang waiting for input\n# This is normal. Use Ctrl+C to exit.\n```\n\n## Environment Variables\n\n| Variable | Default | Description |\n|----------|---------|-------------|\n| `GMAIL_MCP_SECRETS_DIR` | `~/.gmail-mcp` | Directory for decrypted credentials |\n| `SSH_KEY` | `~/.ssh/id_ed25519` | SSH key for age decryption |\n| `GMAIL_MCP_REPO` | Current directory | Repo path for encrypting token |\n\n## Adding Additional Users\n\nTo allow another person/machine to decrypt the secrets:\n\n1. Get their age public key: `ssh-to-age \u003c their_key.pub`\n2. Add it to `secrets.nix`\n3. Re-encrypt the secrets with all keys:\n\n```bash\nagenix -r  # Re-encrypts all secrets with updated keys\n```\n\n## Troubleshooting\n\n### \"No credentials file found\"\n- Make sure you're running commands from the repo directory\n- Or set `GMAIL_MCP_REPO=/path/to/gmail-mcp`\n\n### \"age: error: no identity matched any of the recipients\"\n- Your SSH key doesn't match any public key in `secrets.nix`\n- Add your age public key to `secrets.nix` and run `agenix -r`\n\n### OAuth token expired\n```bash\nnpx @gongrzhe/server-gmail-autoauth-mcp auth  # Re-authenticate\ngmail-mcp-encrypt-token  # Re-encrypt the new token\n```\n\n## Security Notes\n\n- OAuth credentials and tokens are encrypted with age and safe to commit\n- Only users with matching SSH keys in `secrets.nix` can decrypt\n- Decrypted credentials stored in `~/.gmail-mcp/` are excluded from git\n- The `.age` files use age encryption with your SSH key converted via ssh-to-age\n\n## For AI Agents\n\nThis section provides context for AI coding assistants working with this repo.\n\n### Key Files\n- `flake.nix` - Contains all shell scripts (`gmail-mcp-setup`, `gmail-mcp-server`, `gmail-mcp-encrypt-token`) as Nix derivations\n- `secrets.nix` - List of age public keys that can decrypt secrets\n- `secrets/*.age` - Encrypted files (credentials and OAuth token)\n\n### Common Tasks\n\n**User wants to use Gmail MCP:**\n1. Ensure `gmail-mcp-setup` has been run (checks for `~/.gmail-mcp/credentials.json`)\n2. The MCP server is available via `nix run github:colonelpanic8/gmail-mcp`\n\n**User needs to add a new machine/person:**\n1. Get their age public key: `ssh-to-age \u003c ~/.ssh/id_ed25519.pub`\n2. Add to `secrets.nix`\n3. Run `agenix -r` to re-encrypt\n\n**OAuth token expired:**\n1. Run `npx @gongrzhe/server-gmail-autoauth-mcp auth`\n2. Run `gmail-mcp-encrypt-token`\n3. Commit the updated `.age` file\n\n### What NOT to Do\n- Never commit unencrypted `.json` files in `secrets/`\n- Never expose the contents of decrypted credentials\n- Don't modify encrypted `.age` files directly - use age/agenix commands\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcolonelpanic8%2Fgmail-mcp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcolonelpanic8%2Fgmail-mcp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcolonelpanic8%2Fgmail-mcp/lists"}