SkillAgentSearch skills...

GAMpass

A simple tool to encrypt & decrypt GAM secrets at runtime using your biometrics with unopass

GenerateConvertImprove

Install / Use

/learn @amadotejada/GAMpass
About this skill

Quality Score

0/100

Supported Platforms

Universal

README

GAMpass

Written by Amado Tejada

Many Google Workspace admins use GAM or GAMADV-XTD3 to manage their instance. Currently, the secrets needed for these tools are stored on disk in plaintext.

GAMpass is a simple tool to encrypt & decrypt GAM secrets at runtime using your biometrics with unopass

Requirements

  • python 3.13+
  • pip install -r requirements.txt
  • unopass configured
  • GAM/GAMADV-XTD3 configured

Tested on macOS 12.4+

First time setup

Back up your plaintext secrets in a different directory before you run setup. Once you verify you can encrypt/decrypt secrets you can delete the backup.

  1. Meet the requirements
  2. Move gampass.py to the same directory as GAM's secrets files, usually ~/.gam/
  3. Run python gampass.py setup*
    • this encrypts GAM all secrets
      • ["client_secrets.json", "oauth2service.json", "oauth2.txt"]
      • If you have multiple GAM domains, all will be encrypted
    • this will generate a new gampass.key file.
    • this adds gampass and gampass_cli alias to ~/.zshrc
      • if you don't use ~/.zshrc, adjust in gampass.py
<img src="./screenshots/setup.png" width="100%">
  1. Open 1Password
    • create a vault named gampass
    • add a new password item with the title gamkey
    • add the content of the gampass.key the credential field
<img src="./screenshots/1pass.png" width="100%">

GAM Usage

Use this to make GAM calls

Put gampass before the GAM command

gampass gam [gam args]

gampass gam select domain2 save | gam info domain
<img src="./screenshots/terminal.png" width="100%">
  • macOS Touch ID prompts for your biometrics decrypting the secrets
<img src="./screenshots/results.png" width="100%">
  • GAM results

GAMpass CLI Usage

Use only this to manage your GAM secrets

Usage: gampass_cli [option]

Options:
        encrypt                 Encrypt GAM all secrets
        decrypt                 Decrypt GAM all secrets
        setup                   Setup a key and encrypt secrets
        updates                 View updates documentation
        sync                    Encrypt all domains with existing 1Password key
Example:
        gampass_cli sync

Limitations

Everything that works with GAM should work via GAMpass, except for the following:

  • Scheduled workflows via cron, etc., do not work because intentionally biometrics are prompted to decrypt the secrets.

License

GAMpass is released under the MIT License

Related Skills

node-connect

349.0k

Diagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps

claude-opus-4-5-migration

109.4k

Migrate prompts and code from Claude Sonnet 4.0, Sonnet 4.5, or Opus 4.1 to Opus 4.5

frontend-design

109.4k

Create distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.

model-usage

349.0k

Use CodexBar CLI local cost usage to summarize per-model usage for Codex or Claude, including the current (most recent) model or a full model breakdown. Trigger when asked for model-level usage/cost data from codexbar, or when you need a scriptable per-model summary from codexbar cost JSON.

amadotejada

View profile

View on GitHub
GitHub Stars13
CategoryDevelopment
Updated4mo ago
Forks1
amadotejada/GAMpass

Languages

Python

Security Score

92/100

Audited on Nov 9, 2025

No findings