← back to overview

Get your group set up.

Three steps: run a hub, become the keymaster, install the client on every phone and laptop that needs it. Plan on about an hour if you’re comfortable at a terminal, longer if it’s your first server.

1Run a hub.

Cove is self-hosted. Every group runs its own hub — a small Python server that holds the tamper-evident log for that group and nobody else’s. Nothing about your group’s messages ever touches infrastructure the Cove project controls.

The easiest way to run one is Docker on a small Linux VM (a $5/month box is more than enough for a board of 20). If you already run other services on a Cloudflare Tunnel, Cove drops in the same way.

git clone https://github.com/cloudseeder/cove.git
cd cove
mkdir -p ./cove-state

# Genesis ceremony — root + hub keypairs + signed manifest.
docker compose --profile setup run --rm bootstrap \
    --org-name "Your Org" \
    --members keymaster
Non-negotiable: after the bootstrap, move cove-state/keys/root.priv off the host. The hub’s whole security model depends on the root key not living on the running server. Detailed steps in the docker README.
# After root.priv is safely offline:
docker compose up -d hub

# Verify:
curl http://127.0.0.1:8000/healthz
# {"status":"ok","version":"..."}

Point a domain at the container (Cloudflare Tunnel or Caddy both work — walked through in the docker README) and you have a running hub.

2Onboard the keymaster.

The bootstrap ceremony created one member for you: the keymaster. That’s the person who mints invite codes for everyone else, approves new members, and holds the group’s custodial responsibility. It’s almost always you if you set up the hub.

Take cove-state/keys/members/keymaster.priv and get it onto the device you’ll use as the keymaster (usually your laptop or phone). On the client, paste the key into the “I already have a key” unlock flow. On the PWA, you’ll be asked for a passphrase during first-time setup so the key survives future sessions without re-paste.

Once you’re authenticated, everyone else onboards through the invite-code flow you mint from the Admin panel — no more terminal work needed for the rest of the group.

3Install the client.

Cove has three client surfaces at different levels of polish. Pilot-era honesty: the desktop app is the best-supported, the PWA is the everyday-mobile answer, native mobile is not yet built.

macOS desktop

Signed and notarized. Download the .dmg from GitHub Releases, open, drag to Applications.

Ready

PWA (iOS & Android)

Install app.cove.oap.dev to your home screen. Instructions below.

Ready

Windows / Linux desktop

Unsigned Tauri builds attached to every GitHub release. Works, but expect Gatekeeper/SmartScreen warnings.

Unsigned

Native iOS / Android

Not built yet. The PWA covers this well enough that native isn’t urgent.

Later

Installing the PWA on iPhone (Safari)

  1. Open app.cove.oap.dev in Safari. (Chrome on iOS forwards to Safari for install; other browsers won’t work.)
  2. Tap the Share icon at the bottom of the screen (square with an up-arrow).
  3. Scroll down in the share sheet and tap Add to Home Screen.
  4. Tap Add in the top-right corner.
  5. Open Cove from your home screen. It runs full-screen, has its own icon, and remembers your session between opens (from v0.4.34+).

Installing the PWA on Android (Chrome)

  1. Open app.cove.oap.dev in Chrome.
  2. Tap the menu in the top-right.
  3. Tap Install app (or on some Chrome versions, Add to Home screen).
  4. Confirm on the prompt.
  5. Open Cove from your home screen or app drawer.
Why a PWA and not a native app? Native iOS and Android would need App Store review, provisioning profiles, and platform-specific keychain integrations for every release. That’s a lot of infrastructure for a pilot. The PWA gets you 90% of the native feel — home-screen icon, full-screen, offline caching, push notifications on the roadmap — without any of the store gatekeeping. Native comes later if the pilot outgrows the PWA.

You’re running.

From here, the day-to-day is: mint invite codes for the rest of the group, hand them out out-of-band (text, in person, on paper), and start posting. Every message is signed, every delivery is receipted, every thread stays whole.

If you hit a wall, the source repo has issue templates. This is a small project by design — the response won’t be instant, but it will be real.