Admin overview¶
This guide covers deploying, configuring, and maintaining the Cove Backup Audit Reporter. It runs entirely on Cloudflare — there is no separate server to manage.
Architecture at a glance¶
| Component | Role |
|---|---|
| Cloudflare Pages / Worker | Serves the app and runs the report pipeline |
| Cloudflare D1 | Stores schedules, recipients, run history, and the M365 token |
| Workers KV | Caches the Cove session token |
| Browser Rendering | Converts the report to PDF |
| Cron Trigger | Fires the monthly job |
| Cloudflare Access | Microsoft 365 SSO in front of the app |
One-time setup order¶
- Deploy the app and create its Cloudflare resources.
- Create a Cove API user so the app can pull device data.
- Register and connect Microsoft 365 so the app can send email.
- Configure Access and the config file — SSO, admins, sender mailbox.
- Review security & maintenance.
Non-secret settings live in the committed config file; secrets live in Cloudflare, never in the repo.