Multi-machine sync
Sync keeps one Coffer vault consistent across all your own machines by pushing and pulling vault state through a git repository you own — no vendor cloud, and the encryption master key never leaves your control.
Set it up
coffer sync init git@github.com:me/coffer-vault.git # point at YOUR remote, enable, first sync
coffer sync # full sync: export → pull → push → import
coffer sync status # clean / syncing / conflicted / error- The remote is a private git URL you own; Coffer uses your ambient git credentials (SSH key or token), exactly like a normal
git push. Coffer ships no hosted endpoint. coffer sync config --auto on --interval 300enables opt-in periodic sync; auto-sync is off by default.
What travels
Mirrored: knowledge-base and memory Markdown, your config resources (MCP servers, agents, skills, channels), and credentials as Fernet ciphertext only. Machine-local (never synced): logs, the rebuildable coffer.db index, daemon.json, PID files, and port allocations.
The master key (out of band)
The encryption master key is never written to the repo — only ciphertext travels. Move the key to each new machine yourself:
coffer sync key export ./master.key # on the source machine
# move master.key over a trusted channel — NEVER through the repo
coffer sync key import ./master.key # on the target machineUntil the key is present, imported credentials stay locked (coffer sync status reports it) and resources that need them won't start.
Conflicts
A git merge conflict stops the run in a conflicted state and imports nothing — neither side is discarded. Resolve, then run again:
coffer sync resolve --theirs path/to/resource.json # or --ours / --resolved
coffer syncOne file per resource keeps conflicts small. A desktop Sync settings panel does all of this without the terminal, and the same operations are available over REST at /api/v1/sync/*.