Three steps: run a hub, become the keymaster, install the client on every phone and laptop that needs it. Plan on about an hour if you’re comfortable at a terminal, longer if it’s your first server.
Cove is self-hosted. Every group runs its own hub — a small Python server that holds the tamper-evident log for that group and nobody else’s. Nothing about your group’s messages ever touches infrastructure the Cove project controls.
The easiest way to run one is Docker on a small Linux VM (a $5/month box is more than enough for a board of 20). If you already run other services on a Cloudflare Tunnel, Cove drops in the same way.
git clone https://github.com/cloudseeder/cove.git
cd cove
mkdir -p ./cove-state
# Genesis ceremony — root + hub keypairs + signed manifest.
docker compose --profile setup run --rm bootstrap \
  --org-name "Your Org" \
  --members keymaster
Move cove-state/keys/root.priv off the host. The hub’s whole security model depends on the root key not living on the running server. Detailed steps are in the docker README.
# After root.priv is safely offline:
docker compose up -d hub
# Verify:
curl http://127.0.0.1:8000/healthz
# {"status":"ok","version":"..."}
Point a domain at the container (Cloudflare Tunnel or Caddy both work — walked through in the docker README) and you have a running hub.
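An added example, not part of the Cove project's own tooling: a shell pre-flight that refuses to start the hub while any root.priv file is still under the state directory, then polls the health endpoint used above. The function names cove_preflight and cove_start and the file-permission warning are assumptions of this example.

```shell
#!/bin/sh
# Added example: gate hub start-up on the root key being off the host.
# Assumed layout (taken from the commands on this page): $STATE/keys/root.priv
# plus other *.priv files somewhere under $STATE/keys.

# cove_preflight STATE_DIR
# Returns 0 when it is safe to start the hub, 1 otherwise.
cove_preflight() {
    state_dir="${1:-./cove-state}"
    if [ ! -d "$state_dir/keys" ]; then
        echo "FAIL: $state_dir/keys missing; run the bootstrap ceremony first" >&2
        return 1
    fi
    # Search the whole state dir so a copy or backup left beside the
    # original (root.priv.bak, keys/old/root.priv) is caught as well.
    leftover=$(find "$state_dir" -type f -name 'root.priv*')
    if [ -n "$leftover" ]; then
        echo "FAIL: root private key still on this host:" >&2
        echo "$leftover" >&2
        return 1
    fi
    # Hygiene check (an assumption of this example, not a documented Cove
    # requirement): remaining private keys should not be group/world readable.
    loose=$(find "$state_dir/keys" -type f -name '*.priv' \
        \( -perm -040 -o -perm -004 \))
    if [ -n "$loose" ]; then
        echo "WARN: private keys readable by group or others:" >&2
        echo "$loose" >&2
    fi
    return 0
}

# cove_start STATE_DIR: preflight, start the hub, then poll /healthz.
cove_start() {
    cove_preflight "$1" || return 1
    docker compose up -d hub || return 1
    i=0
    while [ "$i" -lt 10 ]; do
        if curl -fsS http://127.0.0.1:8000/healthz | grep -q '"status":"ok"'; then
            echo "hub is healthy"
            return 0
        fi
        i=$((i + 1))
        sleep 2
    done
    echo "FAIL: hub did not report status ok" >&2
    return 1
}
```

Source the file from the cove checkout and run cove_start ./cove-state in place of the bare docker compose up -d hub.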
The bootstrap ceremony created one member for you: the keymaster. That’s the person who mints invite codes for everyone else, approves new members, and holds the group’s custodial responsibility. It’s almost always you if you set up the hub.
Take cove-state/keys/members/keymaster.priv and get it onto the device you’ll use as the keymaster (usually your laptop or phone). On the client, paste the key into the “I already have a key” unlock flow. On the PWA, you’ll be asked for a passphrase during first-time setup so the key survives future sessions without pasting it again.
Once you’re authenticated, everyone else onboards through the invite-code flow you mint from the Admin panel — no more terminal work needed for the rest of the group.
Cove has three client surfaces at different levels of polish. Pilot-era honesty: the desktop app is the best-supported, the PWA is the everyday-mobile answer, native mobile is not yet built.
Signed and notarized. Download the .dmg from GitHub Releases, open, drag to Applications. (Ready)
Unsigned Tauri builds attached to every GitHub release. Works, but expect Gatekeeper/SmartScreen warnings. (Unsigned)
Not built yet. The PWA covers this well enough that native isn’t urgent. (Later)
From here, the day-to-day is: mint invite codes for the rest of the group, hand them out out-of-band (text, in person, on paper), and start posting. Every message is signed, every delivery is receipted, every thread stays whole.
If you hit a wall, the source repo has issue templates. This is a small project by design — the response won’t be instant, but it will be real.