How to overcome Gmail notification security for third-party Apps?

Reading Time: 3 minutes

This blog will be to allow sending Gmail notification through third-party apps. Currently, in a gsuite email id, the 2 Factor Authentication blocks unauthorized and less secure app access. eg. when we need to send notifications for alerts using Prometheus. We will see two ways to overcome it.

Gmail Notification Method 1: Less Secure App Access

If you visit you will see it is turned OFF or disabled.

Gmail Notification Less Secure Apps

You need to enable or Turn ON the access to allow Prometheus to send notifications.

Gmail notification Less secure apps ON

However, this method is less secure and temporary. As we cannot allow less secure apps to access our email. And now Gmail is removing this in accounts enabled with 2 Factor authentication.

Gmail Notification Less Secure Apps option disabled

So will use the second method

Gmail Notification Method 2: App Passwords

This method creates passwords for applications where you do not want to use your passwords as a chance of losing it someone who has access to the device where the application runs. Open this link:

Gmail Notification App Password

As this says “App passwords let you sign in to your Google Account from apps on devices that don’t support 2-Step Verification.” So we will use this method.

  1. Select Custom name or Other
  2. Type a name for the app. eg. email-alert
  3. Your new password is generated in 16-digit alphanumeric characters.
  4. Now you can see when it was created and when used
  5. once use is over you can delete it
App Passwords app selection
App Password App name
App Password generated
App Password created

How to Use

As read before, one use is in Prometheus, where we need to send email notifications. Now, simply add the email id as the username and the password generated as the password. Use this YAML as a reference:

- name: 'email'
  - sendResolved: true
    to: ''
    from: ''
    smarthost: ''
    authUsername: ''
    authIdentity: ''
      name: gmail-auth
      key: password

Here, a secret fills details of authPassword. The following YAML creates this secret.

apiVersion: v1
kind: Secret
type: Opaque
  name: gmail-auth
  namespace: monitoring
  password: anJrZ3Z6anBpYnB5YWhrZg==
  # base64 encoded password
  # echo -n 'password' | base64


knoldus Footer

Written by 

Vaibhav Kumar is a DevOps Engineer at Knoldus | Part of Nashtech with experience in architecting and automating integral deployments over infrastructure. Proficient in Jenkins, Git, AWS and in developing CI pipelines. Able to perform configuration management using ansible and infrastructure management using terraform. Like to script and do developing in Python. Other than AWS, have an experience in Google Cloud, Azure cloud services. Other than Jenkins, CI/CD in Azure Pipelines, GitHub Actions, Teamcity. Loves to explore new technologies and ways to improve work with automation.