How I Gave My openclaw Assistant Access to Google Workspace (On Hostinger VPS)

πŸš€ How I Gave My openclaw Assistant Access to Google Workspace (On Hostinger VPS)

The complete guide to integrating Gmail, Calendar, Drive, and Sheets with your self-hosted Openclaw assistant

Picture this: You're lying in bed at 11 PM, and you suddenly remember you need to check if you have any meetings tomorrow. Instead of reaching for your phone, opening Google Calendar, and squinting at the screen, you simply ask your openclaw Telegram bot:

You: "What's on my calendar tomorrow?"
Openclaw: "You have 2 events: Team standup at 9:00 AM and Client presentation at 2:30 PM."

That's the power of integrating Google Workspace with your self-hosted Openclaw assistant. And I'm going to show you exactly how I did it without spending a fortune or needing a computer science degree.

The Journey: From "$1,500/Month Openclaw Tokens Bills" to "Full Google Integration for $0"

A few weeks ago, I documented how I slashed my AI assistant costs by 98%, from over $1,500/month to under $30. But reducing costs was just step one. The real magic happened when I decided to connect my AI to the tools I use every single day: Gmail, Google Calendar, Google Drive, and Google Sheets.

Here's the thing: Most "Openclaw integration" tutorials assume you're running on a fancy Mac with Homebrew installed, or they want you to pay $50/month for a Zapier subscription. But I'm running Openclaw on a $4.5/month Hostinger VPS running Ubuntu Linux.

πŸ’‘ The Challenge

How do you integrate Google Workspace with an Openclaw running in a Docker container on a headless Linux server,when all the official tutorials assume you have a graphical interface and macOS?

What You'll Learn in This Guide

βœ… Complete Setup

Step-by-step Google OAuth configuration for headless servers

πŸ” Security First

OAuth 2.0 implementation without storing passwords

πŸ’° Zero Cost

No subscription feesβ€”uses free Google API tier

🐳 Docker Ready

Works in containerized environments on any VPS

The Problem: Official Docs Assume You're on macOS

When I first looked into integrating Google Workspace, I found the gog skill (a CLI tool for Google services). Perfect! Except...

Official Installation: "Install via Homebrew: brew install steipete/tap/gogcli"

Great... if you're on a Mac. But I'm on Ubuntu Linux, inside a Docker container, on a VPS with no GUI. Homebrew? Not happening.

This is where most tutorials end. "Just use Mac," they say. "Or pay for Zapier." But I didn't build a cost-optimized AI assistant just to start paying monthly subscriptions again.

The Solution: Linux Binary + Docker Persistence + OAuth Flow

Here's what I discovered after hours of digging through GitHub releases and testing different approaches:

  1. gogcli HAS a Linux binary (it's just not mentioned in the main docs)
  2. OAuth works on headless servers (with a clever 2-step authentication flow)
  3. Docker volumes preserve binaries (if you know where to put them)
  4. Google APIs are FREE (1 billion Gmail requests/day, 1M calendar requests/day)

🎯 The Three-Part Strategy

Part 1: Download the official Linux binary from GitHub and place it in a Docker-persistent location

Part 2: Set up Google OAuth using the "remote" authentication flow (designed for servers)

Part 3: Automate the symlink creation so it survives container restarts

Step-by-Step: The Actual Implementation

1 Download the Linux Binary

First, I grabbed the official gogcli Linux binary from GitHub releases: 

# Download latest Linux release
curl -L https://github.com/steipete/gogcli/releases/download/v0.11.0/gogcli_0.11.0_linux_amd64.tar.gz -o /tmp/gogcli.tar.gz

# Extract it
tar -xzf /tmp/gogcli.tar.gz -C /tmp/

# You now have the 'gog' binary

πŸ’‘ Pro Tip: The binary is about 22MB. One-time download, and it includes everything you needβ€”no dependencies.

2 Install to Persistent Docker Volume

Here's the trick: Docker containers reset on restart. But Docker volumes persist. I placed the binary in OpenClaw's persistent config directory: 

# Copy to persistent volume location
docker cp /tmp/gog openclaw-container:/home/node/.openclaw/gog

# Make it executable
docker exec openclaw-container chmod +x /home/node/.openclaw/gog
docker exec openclaw-container chown node:node /home/node/.openclaw/gog

# Create symlink so it's in PATH
docker exec openclaw-container ln -sf /home/node/.openclaw/gog /usr/local/bin/gog

# Test it works
docker exec openclaw-container gog --version
# Output: v0.11.0

⚠️ Important: The /home/node/.openclaw/ directory is mounted as a volume. This means the binary survives restarts. But /usr/local/bin/ does NOT. We'll automate the symlink in the next step.

3 Automate Symlink Creation

To make the binary permanently accessible after restarts, I added one line to my docker-compose.yml startup script: 

command:
  - sh
  - -c
  - |
    # ... existing startup code ...
    chown -R node:node /home/node/.openclaw
    
    # ✨ This is the magic line
    [ -f /home/node/.openclaw/gog ] && ln -sf /home/node/.openclaw/gog /usr/local/bin/gog
    
    # ... rest of startup ...
    exec su node -s /bin/sh -c "node dist/index.js gateway"

Now, every time the container starts, it checks if the binary exists and creates the symlink automatically. No manual intervention needed.

4 Set Up Google OAuth (The Fun Part)

This is where it gets interesting. OAuth on a headless server? Most people think it's impossible because OAuth wants to redirect to localhost in your browser. But gog has a clever solution: the remote authentication flow.

4a. Create Google Cloud Project

  1. Go to console.cloud.google.com
  2. Create a new project (e.g., "My AI Assistant")
  3. Go to APIs & Services β†’ Credentials
  4. Click "+ CREATE CREDENTIALS" β†’ "OAuth client ID"
  5. Application type: Desktop app
  6. Name it: "OpenClaw Integration"
  7. Download the client_secret.json file

4b. Enable the APIs

Go to APIs & Services β†’ Library and enable:

  • Gmail API
  • Google Calendar API
  • Google Drive API
  • Google Sheets API
  • Google Docs API
  • People API (Contacts)

4c. Add Yourself as Test User

Go to OAuth consent screen β†’ Test users β†’ + ADD USERS and add your Gmail address. This lets you use the OAuth flow while the app is in "Testing" mode (which is fine for personal use).

5 The Remote OAuth Dance

This is the clever part. Since we're on a server with no browser, we use gog's remote authentication flow:

Step 5.1: Upload OAuth Credentials

# Copy your downloaded client_secret.json to the server
scp client_secret.json user@your-vps:/tmp/

# Copy into container
docker cp /tmp/client_secret.json openclaw-container:/home/node/.openclaw/

# Load credentials
docker exec openclaw-container su node -c "gog auth credentials /home/node/.openclaw/client_secret.json"

Step 5.2: Generate Auth URL

docker exec openclaw-container su node -c "gog auth add you@gmail.com --services gmail,calendar,drive,contacts,sheets,docs --remote --step 1"

# Output:
# auth_url    https://accounts.google.com/o/oauth2/auth?access_type=offline&client_id=...
# Run again with --remote --step 2 --auth-url <redirect-url>

Step 5.3: Authorize in Your Browser

  1. Copy the auth_url from the output
  2. Open it in your browser (on your laptop/phone)
  3. Sign in with your Google account
  4. Grant all the permissions
  5. Your browser will redirect to http://127.0.0.1:xxxxx/... which will fail to load
  6. That's OK! Copy the entire URL from your browser's address bar

Step 5.4: Complete Authentication

docker exec openclaw-container su node -c "gog auth add you@gmail.com --services gmail,calendar,drive,contacts,sheets,docs --remote --step 2 --auth-url 'PASTE_THE_FULL_URL_HERE'"

# Verify it worked
docker exec openclaw-container su node -c "gog auth list"

# Output:
# you@gmail.com    default    calendar,contacts,docs,drive,gmail,sheets    oauth

βœ… Success! You've just authenticated your server with Google using OAuth 2.0. No passwords stored, no security compromises. The token is encrypted and stored securely in the container.

The Results: What This Actually Feels Like

After setting this up, here's what I can now do through my Openclaw Telegram bot:

Real Examples I Use Every Day

πŸ“§ Email Management

Me: "Do I have any unread emails from clients?"
openclaw: "Yes, 3 unread: John Smith (Project Update), Sarah Chen (Meeting Request), Tech Support (Invoice #12453)"

πŸ“… Calendar Queries

Me: "Am I free Thursday afternoon?"
Openclaw: "You have one meeting: Client Demo at 3:30 PM. You're free from 1:00-3:30 PM."

πŸ“Š Sheets Access

Me: "What's in my expenses spreadsheet?"
openclaw: "Found your 'Q1 2026 Expenses' sheet. You have $3,247 logged across 47 transactions. Top category: Software subscriptions ($892)."

πŸ’Ύ Drive Search

Me: "Find my contract with Acme Corp"
Openclaw: "Found 2 files: 'Acme_Contract_2026.pdf' (modified 3 days ago) and 'Acme_SOW_Draft.docx' (modified 2 weeks ago)."

The Cost Breakdown: How Much Does This Actually Cost?

Service Free Tier Limit My Usage
Gmail API 1 billion quota/day ~500 calls/day
Calendar API 1 million requests/day ~100 calls/day
Drive API 20,000 requests/100s ~50 calls/day
Sheets API 500 requests/100s ~20 calls/day
TOTAL MONTHLY COST - $0.00

πŸ’° Complete Cost Summary

VPS Hosting: $4.5/month (shared with other services)
Google APIs: $0/month (completely free)
gogcli binary: $0 (open source)
OAuth authentication: $0 (Google provides for free)

Total additional cost to add Google Workspace: $0/month

But Waitβ€”Is This Secure?

This was my biggest concern too. Giving an AI access to my Gmail? My calendar? My documents? Here's why this setup is actually more secure than most alternatives:

πŸ” OAuth 2.0

No passwords stored. Uses Google's official OAuth flow. Tokens are encrypted and can be revoked anytime.

🎯 Scoped Access

Only grants access to services you choose. Can limit to read-only if preferred.

πŸ”’ Encrypted Storage

Tokens stored in password-protected keyring. Binary runs in isolated Docker container.

🚫 No Public Exposure

Gateway bound to localhost. Access only via SSH tunnel. No public API endpoints.

⚑ You Can Revoke Access Anytime: Go to myaccount.google.com/permissions and remove "OpenClaw Integration" to instantly revoke all access. No data remains on the server.

Lessons Learned: What I Wish I Knew Before Starting

1. Docker Volumes Are Your Friend

Anything in /home/node/.openclaw/ persists across restarts. Anything in /usr/local/bin/ or /tmp/ does not. Put important stuff in persistent volumes!

2. Symlinks Need Automation

Creating a symlink manually works once. But after docker compose down/up, it's gone. Add it to your startup script or you'll be recreating it every time.

3. Remote OAuth Flow is Brilliant

The --remote --step 1/2 flow is designed exactly for this use case. Don't try to hack localhost redirects or use port forwarding. Just use the remote flow.

4. Test Mode OAuth is Fine

You don't need to get your app "verified" by Google unless you're building for public use. Test mode works perfectly for personal/internal use with up to 100 test users.

Troubleshooting: Common Issues I Hit (And How I Fixed Them)

❌ "gog: command not found" after restart

Problem: The symlink was lost when container restarted.

Solution: Add the symlink creation to your docker-compose.yml startup command (see Step 3 above).

❌ "Error 403: access_denied" during OAuth

Problem: You forgot to add yourself as a test user.

Solution: Go to Google Cloud Console β†’ OAuth consent screen β†’ Test users β†’ Add your email.

❌ "API not enabled" errors

Problem: Forgot to enable the specific API (Gmail, Calendar, etc.)

Solution: Go to APIs & Services β†’ Library β†’ Search for each API β†’ Click ENABLE.

❌ "no TTY available for keyring password"

Problem: The keyring wants a password but can't prompt for it.

Solution: Set GOG_KEYRING_PASSWORD environment variable in your .env and docker-compose.yml.

What I'm Building Next

Now that I have Google Workspace integrated, here are some cool automations I'm working on:

  • πŸ“Š Automated expense tracking - Parse receipts from Gmail, add to Google Sheets
  • πŸ“… Smart calendar assistant - "Find a time next week when both John and Sarah are free"
  • πŸ“§ Email triage - Automatically categorize and prioritize emails
  • πŸ’Ύ Document search - "Find all contracts modified in the last month"
  • 🎯 Meeting prep - "What's my next meeting and what were the action items from last time?"

The Bottom Line

For zero additional cost, I now have an AI assistant that can check my email, manage my calendar, search my Drive, and analyze my spreadsheetsβ€”all through natural language commands on Telegram.

No Zapier subscription. No IFTTT. No fancy Mac-only tools. Just a $15/month VPS, some open-source software, and a bit of Docker knowledge.

The dream of having a personal AI assistant isn't reserved for tech giants with million-dollar budgets anymore.

It's here. It's affordable. And you can build it yourself.

Want to Follow Along?

I'm documenting my entire AI assistant journeyβ€”from cost optimization to advanced integrations. If you're interested in building your own self-hosted AI assistant, check out my other posts:

IF

About Dr. Ifeanyi Madujibeya (Ife)

I'm a clinican-researcher with strong research interest in cost-effective AI solutions. I and my colleagues run ProData Analytics LLC and specialize in building cost-effective AI solutions for business and reasearch support. We are proving that powerful AI assistants don't require enterprise budgets. I've reduced my AI costs by 98% and I'm documenting everything I learn along the way.

Published on prodatanalytics.com | February 16, 2026

Built with OpenClaw β€’ Hosted on Hostinger VPS β€’ Powered by curiosity

Scroll to Top