mcp-google-multi
Gives MCP clients access to Google Workspace (Gmail, Drive, Calendar, Sheets, Docs, etc.) across multiple Google accounts simultaneously.
README
mcp-google-multi
A local MCP server that gives Claude Code (and any MCP client) access to your Google Workspace โ Gmail, Drive, Calendar, Sheets, Docs, Contacts, Tasks, Meet, Search Console (plus optional Forms, Chat, and Workspace Admin) โ across multiple Google accounts at once.
Open-source and funded by IdeaCrafters โ the studio that pays for its development and upkeep.
- ๐ Multi-account โ drive any number of your Google accounts from one server, each by a short alias.
- ๐ Secure by default โ refresh tokens encrypted at rest (AES-256-GCM); writes are deny-by-default; no telemetry โ it talks only to Google.
- ๐ฆ npm-first โ install and run with
npx; everything configured through env vars. - ๐งฐ ~170 tools across 12 services โ full list in COVERAGE.md.
v5 is local + user-OAuth only. Service accounts and hosting (and the APIs they unlock) are on the roadmap. Upgrading from v4? Jump to Upgrading.
Quick start
You need Node 20+, a Google Cloud OAuth client (~2 min โ setup below), and a random 32-byte key.
# 1) install
npm i -g mcp-google-multi
# 2) put your config + creds in the environment (see "Configuration").
# Easiest for a quick try โ export them, or drop a .env in your working dir:
# GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, GOOGLE_ACCOUNTS, MASTER_KEY, GOOGLE_PROFILE
# 3) authenticate each account (opens a browser; one-time per account)
mcp-google-multi auth --account work
mcp-google-multi auth --account personal
# 4) register with Claude Code
claude mcp add google-multi -s user -- npx -y mcp-google-multi
Restart your MCP client and the tools appear. Tokens are written encrypted to ~/.config/mcp-google-multi/tokens/ (override with TOKEN_STORE_PATH) โ useless to anyone without your MASTER_KEY.
Generate a key: openssl rand -base64 32.
Recommended: keep secrets in a vault (Infisical)
A plaintext .env is fine to try it out, but for a daily driver, don't leave GOOGLE_CLIENT_SECRET + MASTER_KEY on disk โ inject them at launch from a secrets manager. The server just reads process.env (it has no idea where the values come from), so wrap it with Infisical:
#!/usr/bin/env bash
# ~/.local/bin/mcp-google-multi-run โ chmod +x, then register this as the MCP command
set -euo pipefail
export INFISICAL_TOKEN="$(infisical login --method=universal-auth \
--client-id "$YOUR_CLIENT_ID" --client-secret "$YOUR_CLIENT_SECRET" --plain --silent)"
exec infisical run --projectId <project> --env prod --path /mcp-google-multi \
-- npx -y mcp-google-multi
claude mcp add google-multi -s user -- ~/.local/bin/mcp-google-multi-run
Now the only thing on disk is the encrypted token store. Pass the token via the INFISICAL_TOKEN env var (as above), not a --token flag, so it never shows up in ps. (Any secrets manager works โ Doppler, Vault, 1Password CLI, etc. โ the pattern is the same.)
Configuration
| Env var | Required | Description |
|---|---|---|
GOOGLE_CLIENT_ID / GOOGLE_CLIENT_SECRET |
โ | OAuth Desktop client from Google Cloud |
GOOGLE_ACCOUNTS |
โ | alias:email,โฆ โ e.g. work:you@co.com,personal:you@gmail.com |
MASTER_KEY |
โ | base64 32-byte key that encrypts the token store (openssl rand -base64 32) |
GOOGLE_PROFILE |
โ | write policy: read-only (default) ยท safe-writes ยท full-writes |
GOOGLE_READ_ONLY |
โ | true = hard kill-switch for all writes |
GOOGLE_WRITE_ALLOW / GOOGLE_WRITE_DENY |
โ | glob overrides, e.g. calendar:*, *:delete* |
GOOGLE_OPTIONAL_SCOPES |
โ | extra bundles: forms, chat |
GOOGLE_ADMIN_ACCOUNTS |
โ | aliases granted Workspace-admin scopes (the account's own super-admin OAuth) |
TOKEN_STORE_PATH |
โ | override the encrypted token dir (default: ~/.config/mcp-google-multi/tokens) |
Inspect the resolved setup any time: mcp-google-multi config check.
Write-control (deny-by-default)
Reads are never gated. Every create/update/delete is off until you opt in โ pick a profile:
GOOGLE_PROFILE |
Allows |
|---|---|
read-only (default) |
reads only |
safe-writes |
create + update (deletes still blocked) |
full-writes |
everything |
GOOGLE_READ_ONLY=true overrides all. For fine control: GOOGLE_WRITE_ALLOW="calendar:*, sheets:update*" and GOOGLE_WRITE_DENY="*:delete*" (deny wins). mcp-google-multi config check prints the resolved policy and exactly which tools are enabled.
What's covered
~170 tools across Gmail, Drive, Calendar, Sheets, Docs, Contacts, Search Console, Tasks, Meet, and (optional) Forms, Chat, Workspace Admin. Full per-tool list โ COVERAGE.md. Every tool takes an account argument matching one of your aliases.
Google Cloud setup
- Google Cloud Console โ create or select a project.
- Enable the APIs you'll use: Gmail, Drive, Calendar, Sheets, Docs, People, Search Console, Tasks, Meet (+ Forms / Chat / Admin SDK if you enable those bundles).
- APIs & Services โ Credentials โ Create Credentials โ OAuth client ID โ Desktop app.
- Add the redirect URI
http://localhost:4242/oauth2callback. - Copy the Client ID + Client Secret into your environment.
Upgrading from v4
v5 is a breaking change, but the migration is a one-time, ~2-minute step:
- Update:
npm i -g mcp-google-multi@latest(or update your client config). - Add
MASTER_KEYto your environment (openssl rand -base64 32) โ now required. - Encrypt existing tokens:
mcp-google-multi migrate-tokens(reads your oldtokens/<alias>/token.jsonand encrypts them) โ or just re-auth each account. - Writes are now deny-by-default โ set
GOOGLE_PROFILE=safe-writes(orfull-writes) to keep writing. (GOOGLE_ALLOW_ADMIN_WRITESis gone โ replaced by write-control profiles.)
Security
Your OAuth, your machine. Refresh tokens are AES-256-GCM encrypted at rest (decryptable only with your MASTER_KEY), writes are deny-by-default, and the server has no telemetry โ it connects only to Google's APIs. Found a vulnerability? Report it privately โ see SECURITY.md, never a public issue.
Roadmap
Maintainer-led. Direction is tracked publicly as GitHub Milestones (discover-first tooling โ exhaustive API coverage โ service accounts + hosting in v6). Not accepting unsolicited feature PRs; bug reports are welcome.
Contributing
See CONTRIBUTING.md and the Code of Conduct. Security issues go to SECURITY.md, never a public issue.
Credits
Built and maintained by Abdelbaki Berkati โ berkati.xyz ยท @bakissation. Read the case study โ
Development is funded by IdeaCrafters (@IdeaCraftersHQ) โ the studio that pays for this OSS to exist.
License
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.