Provides Gmail-related MCP access via a secure enclave with a remote SSE endpoint.
Configuration
{
  "mcpServers": {
    "gmail_mcp": {
      "url": "https://gmail.mcp.freysa.ai/sse/?ADDR=<[email protected]>&ASP=<your app-specific password>"
    }
  }
}
This is a dedicated MCP server that exposes Gmail-related capabilities over a remote connection. It runs in a secure enclave and provides a simple HTTP-based MCP endpoint; you connect to it from your MCP client to perform actions against Gmail in a controlled, isolated environment.
To use this MCP server, obtain an app-specific password from your Gmail account. Then configure your MCP client to connect to the server using the provided HTTP endpoint. You only need to paste the connection block into your client’s MCP configuration and restart the client if required.
Prerequisites: you need a machine with internet access and the ability to run the required setup commands. You will also need an app-specific password from Gmail to authenticate.
Step 1: Prepare the server environment and obtain the codebase. Follow the standard setup process described for deploying this MCP server inside a secure enclave. You will run a setup script to download necessary dependencies.
Step 2: Allocate resources for the enclave if you are operating in a dedicated hardware environment. Increase memory for the enclave allocator if needed and restart the allocator service to apply changes.
Step 3: Build and run the enclave-enabled server in production mode. Use the provided build and run commands to start the enclave-backed server.
Step 4: Start supporting proxy services. Run the provided proxy component so your MCP client can communicate with the server, then verify the health endpoint to confirm the server is running inside the enclave.
Connection details: use the HTTP transport endpoint to connect your MCP client. The exact URL a client should use is the following, with your credentials inserted where indicated: https://gmail.mcp.freysa.ai/sse/?ADDR=<[email protected]>&ASP=<your app-specific password>. This endpoint is intended for remote access over a secure channel.
Security note: this is a proof-of-concept implementation. Passing app-specific passwords in URLs can be logged or leaked through various channels. If you require stronger authentication in a production setting, consider running your own instance or using secure networking practices such as a VPN.
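The leakage risk described in the security note can be reduced on the client side. The following is an added example, not code from the server project: it audits an MCP client configuration for URLs that embed the ADDR and ASP parameters and masks those values in log lines before they are stored. The function names and the sample address, password and log line are constructed for illustration.

```python
import json
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query parameters the page's endpoint uses to carry credentials.
CREDENTIAL_PARAMS = {"ADDR", "ASP"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def redact_url(url, mask="REDACTED"):
    """Return (url with credential values masked, names of masked parameters)."""
    parts = urlsplit(url)
    pairs, found = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.upper() in CREDENTIAL_PARAMS and value:
            found.append(name)
            value = mask
        pairs.append((name, value))
    return urlunsplit(parts._replace(query=urlencode(pairs))), found


def scrub_line(line):
    """Mask credential parameters in every URL that appears in a log line."""
    return URL_RE.sub(lambda m: redact_url(m.group(0))[0], line)


def audit_mcp_config(config_text):
    """Map server name -> finding for each mcpServers URL that embeds credentials."""
    findings = {}
    for name, entry in json.loads(config_text).get("mcpServers", {}).items():
        safe_url, found = redact_url(entry.get("url", ""))
        if found:
            findings[name] = {"params": found, "safe_url": safe_url}
    return findings


# Constructed sample data: the address and password below are made up.
SAMPLE_URL = "https://gmail.mcp.freysa.ai/sse/?ADDR=alice%40example.com&ASP=abcdefghijklmnop"
SAMPLE_CONFIG = json.dumps({"mcpServers": {"gmail_mcp": {"url": SAMPLE_URL}}})
SAMPLE_LOG = f'203.0.113.7 - - "GET {SAMPLE_URL} HTTP/1.1" 200'

if __name__ == "__main__":
    print(audit_mcp_config(SAMPLE_CONFIG))
    print(scrub_line(SAMPLE_LOG))
```

Run scrub_line over proxy, client and shell-history logs before they leave the machine, and treat any finding from audit_mcp_config as a reason to restrict read access to that configuration file.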
Verify the code attestation: you can reproduce running the code in an AWS Nitro enclave locally to verify the intended codebase. Build the verifier, run it, and then use the attestation fields in the verification UI to confirm the code’s integrity.
Run your own instance in a TEE: deploy on a sufficiently large AWS EC2 instance with Nitro enabled, ensure required ports are open, clone the project, run the setup script, adjust enclave memory if needed, build the enclave, and run it in production mode.
Use your MCP server: start the gvproxy component so your MCP client can route requests to the enclave-backed server. Then verify the server health by querying the health endpoint.
Verifies that the intended codebase is running in the AWS Nitro enclave by rebuilding and running a local verifier UI, then comparing attestation data.
Prepares the Nitro enclave environment on AWS, including memory allocation adjustments and enabling Nitro services.
Configures and runs the proxy that forwards MCP client requests to the enclave-backed server.
Provides a health check endpoint to confirm the MCP server is active and responsive inside the enclave.
Builds and runs the enclave-enabled MCP server in production mode.