Skip to content
CLI Tool

Secure Gmail CLI for AI Agents

Lock down Gmail API access from your terminal. One npm install, one OAuth flow, and your AI agents only see what your rules allow. No dashboards, no GUIs, just fast and scriptable security.

The Problem

Giving AI agents direct access to your data is risky. Here's what can go wrong.

Manual Token Rotation Scripts

Custom token rotation scripts hold raw credentials in environment variables and CI secrets, leaving entire inboxes exposed if a single secret leaks.

No Scriptable Access Controls

Google's admin console is point-and-click, with no way to define Gmail access rules in a config file or apply them across environments with a single command.

Inconsistent Security Across Pipelines

Different teams configure Gmail scopes independently with no central, scriptable policy, so drift goes undetected until a breach.

How PortEden Protects You

Six layers of security between AI agents and your data.

Config-as-Code Rules

Define Gmail security rules in a declarative config file, version them in git, and deploy with the same workflow you use for application code.

Terminal-Based Visibility Controls

Set what agents can see from the command line: full content, headers only, or redacted bodies, with changes taking effect instantly.

Scriptable Action Limits

Restrict agents to read-only or draft-only through config flags, with the CLI enforcing limits on every request.

Contact Rules via CLI Flags

Block agents from accessing emails from specific senders or domains, with rules taking effect immediately from the command line or a config file.

Get Started in 3 Steps

1

Install the CLI

Run npm install to add the PortEden CLI to your project as a global tool or dev dependency.

2

Authenticate and Configure

Connect your Gmail account with a single OAuth command, then define your rules in a config file.

3

Deploy Your Rules

Point your AI agents to the PortEden proxy so every Gmail API call is filtered through your config.

Without vs. With PortEden

Without PortEden

  • Raw Gmail OAuth tokens stored in environment variables and CI secrets
  • Access rules managed through Google's point-and-click admin console
  • No version control for security policies across environments
  • Each team configures Gmail scopes independently with no central policy

With PortEden

  • OAuth tokens stored securely by the CLI, never exposed to agents
  • Rules defined in config files, versioned in git, deployed via CI/CD
  • Consistent security policy across dev, staging, and production
  • One config file governs all agents accessing Gmail

Related Solutions

Ready to secure your data?

Set up PortEden in under 5 minutes. Free tier available.

Read the Docs