How to overcome Gmail notification security for third-party Apps?

Reading Time: 3 minutes

This blog will be to allow sending Gmail notification through third-party apps. Currently, in a gsuite email id, the 2 Factor Authentication blocks unauthorized and less secure app access. eg. when we need to send notifications for alerts using Prometheus. We will see two ways to overcome it.

Gmail Notification Method 1: Less Secure App Access

If you visit https://myaccount.google.com/lesssecureapps you will see it is turned OFF or disabled.

Gmail Notification Less Secure Apps

You need to enable or Turn ON the access to allow Prometheus to send notifications.

Gmail notification Less secure apps ON

However, this method is less secure and temporary. As we cannot allow less secure apps to access our email. And now Gmail is removing this in accounts enabled with 2 Factor authentication.

Gmail Notification Less Secure Apps option disabled

So will use the second method

Gmail Notification Method 2: App Passwords

This method creates passwords for applications where you do not want to use your passwords as a chance of losing it someone who has access to the device where the application runs. Open this link: https://myaccount.google.com/apppasswords

Gmail Notification App Password

As this says “App passwords let you sign in to your Google Account from apps on devices that don’t support 2-Step Verification.” So we will use this method.

  1. Select Custom name or Other
  2. Type a name for the app. eg. email-alert
  3. Your new password is generated in 16-digit alphanumeric characters.
  4. Now you can see when it was created and when used
  5. once use is over you can delete it
App Passwords app selection
App Password App name
App Password generated
App Password created

How to Use

As read before, one use is in Prometheus, where we need to send email notifications. Now, simply add the email id as the username and the password generated as the password. Use this YAML as a reference:

receivers:
- name: 'email'
  emailConfigs:
  - sendResolved: true
    to: 'vaibhav.kumar@knoldus.com'
    from: 'vaibhav.kumar@knoldus.com'
    smarthost: 'smtp.gmail.com:587'
    authUsername: 'vaibhav.kumar@knoldus.com'
    authIdentity: 'vaibhav.kumar@knoldus.com'
    authPassword:
      name: gmail-auth
      key: password

Here, a secret fills details of authPassword. The following YAML creates this secret.

apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: gmail-auth
  namespace: monitoring
data:
  password: anJrZ3Z6anBpYnB5YWhrZg==
  # base64 encoded password
  # echo -n 'password' | base64

Reference

  1. https://docs.openshift.com/container-platform/4.11/rest_api/monitoring_apis/alertmanagerconfig-monitoring-coreos-com-v1beta1.html
knoldus Footer

Written by 

Explorer of new technologies: from DevOps to Web 3

Leave a Reply