Gmail app password
Mnemosynce sends backup reports via Gmail's SMTP server. Gmail does not allow your regular Google account password to be used for this — you must generate a dedicated app password instead. App passwords are 16-character strings that give a single application access to your Gmail account without exposing your main password.
Why an app password?
Google blocks sign-in attempts from apps that use only a username and password, treating them as less secure. App passwords are the approved way to grant SMTP access to a specific application while keeping your main account credentials safe.
Prerequisites
App passwords require 2-Step Verification to be enabled on your Google account. If you have not set it up yet, do that first:
- Go to myaccount.google.com.
- Click Security in the left sidebar.
- Under How you sign in to Google, click 2-Step Verification.
- Follow the prompts to enable it.
Once 2-Step Verification is active, app passwords become available.
Generating an app password
- Go to myaccount.google.com/apppasswords. You may be asked to sign in again.
- In the App name field, enter a recognisable label such as Mnemosynce.
- Click Create.
- Google displays a 16-character password in a yellow box, formatted as four groups of four letters (e.g. abcd efgh ijkl mnop). Copy it now — Google will never show it again.
- Click Done.
Store the password immediately
Once you close the confirmation dialog, the app password cannot be retrieved. If you lose it, delete it and generate a new one.
Adding the password to Mnemosynce
The app password is supplied as an environment variable, never stored in backup_config.yml.
Docker Compose — add it to your .env file:
Enter the password as a single 16-character string with no spaces.
Docker run — pass it directly. A value given with -e ends up in your shell history and in docker inspect output:
docker run ... \
  -e GMAIL_ADDRESS=your.account@gmail.com \
  -e GMAIL_PASSWORD=abcdefghijklmnop \
  ghcr.io/mark-me/mnemosynce:latest
File-based secret (sops-nix or similar):
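# Create the file under umask 077 so it is owner-only from the moment it exists,
# instead of being readable by others until chmod runs.
(umask 077; echo "abcdefghijklmnop" > /etc/mnemosynce/gmail-password)
chmod 600 /etc/mnemosynce/gmail-password
export GMAIL_PASSWORD_FILE=/etc/mnemosynce/gmail-password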
Verifying the password
Once Mnemosynce is running, go to Settings → Connections and use the Email test panel. Enter a recipient address and click Send test email. A successful test confirms the app password is correct and SMTP access is working.
If the test fails, check:
- The GMAIL_ADDRESS matches the Google account the app password belongs to.
- The password was copied without spaces.
- 2-Step Verification is still active on the account (disabling it invalidates all app passwords immediately).
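A pre-flight check for the locally verifiable causes in the list above, as an added example that is not part of Mnemosynce: it rejects a password that still contains the spaces Google displays or is not 16 letters, and refuses a secret file that group or others can access. The function name, the exit codes, and the assumption that GMAIL_PASSWORD_FILE takes precedence over GMAIL_PASSWORD are illustrative; this page does not state how Mnemosynce resolves the two.

```shell
#!/bin/sh
# Added example: validate the Gmail app password before starting Mnemosynce.
# Assumption: GMAIL_PASSWORD_FILE, if set, is used instead of GMAIL_PASSWORD.
# The secret itself is never printed; only its length may appear in a message.
# Usage: check_gmail_secret && docker compose up -d

check_gmail_secret() {
    if [ -n "${GMAIL_PASSWORD_FILE:-}" ]; then
        f=$GMAIL_PASSWORD_FILE
        [ -r "$f" ] || { echo "secret file not readable: $f" >&2; return 2; }
        # Columns 5-10 of the ls mode string are the group and other bits;
        # a file with mode 600 shows "------" there.
        perms=$(ls -ld "$f" | cut -c5-10)
        [ "$perms" = "------" ] || {
            echo "secret file is accessible to group/other: $f" >&2
            return 3
        }
        # Command substitution drops the trailing newline written by echo.
        pw=$(cat "$f")
    else
        pw=${GMAIL_PASSWORD:-}
    fi

    [ -n "$pw" ] || { echo "no app password configured" >&2; return 4; }

    case $pw in
        *" "*)
            echo "app password contains spaces; enter it as one string" >&2
            return 5 ;;
        *[!A-Za-z]*)
            echo "app password contains characters other than letters" >&2
            return 6 ;;
    esac

    [ "${#pw}" -eq 16 ] || {
        echo "app password has ${#pw} characters, expected 16" >&2
        return 7
    }
    return 0
}
```

A zero exit status only means the value is well-formed and stored with owner-only permissions; whether Google accepts it is still decided by the Send test email step.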
Revoking an app password
If you suspect the password has been compromised, or you no longer need Mnemosynce to send email:
- Go to myaccount.google.com/apppasswords.
- Find the Mnemosynce entry and click the trash icon next to it.
- Generate a new one and update GMAIL_PASSWORD in your .env file if needed.