Show HN: Mini-Diarium - An encrypted, local, cross-platform journaling app

Posted by holyknight 10 hours ago

Show HN: Mini-Diarium - An encrypted, local, cross-platform journaling app(github.com)

102 points | 48 comments

Brajeshwar 10 hours ago|

This is Nice.

However, how do one access their diary, when you stopped maintaining it? Is this targeted more at the technically inclined, high-profile people who need to keep secrets?

Personally, I believe that for something like a diary/journal, it should be in a format easily readable by most tools (so a Plain-Text or a MarkDown at best), then it is in a container/folder. Now, encrypt that container/folder instead. In the future, when you need to change the tool for Encryption/Decryption, move the container/folder.

For instance, tools such as https://cryptomator.org comes to mind.

TheFlya7c 10 hours ago||

I think there are two different concerns mixed together:

1) Can I still read my data in 10 years? That’s mostly about open, well-documented formats + an export path. A journaling app can still be “safe” here if it can export to Markdown/plain-text (or at least JSON) and the on-disk schema is documented.

2) Can I decrypt it in 10 years? That’s about using boring primitives (AES-GCM, Argon2/scrypt/PBKDF2) and keeping the crypto layer simple. If it’s standard crypto, you’re not locked to one vendor the way you might be with a bespoke format.

The “plain files in an encrypted folder” approach (Cryptomator/VeraCrypt) is totally reasonable—and arguably the simplest threat model—but you do give up a lot of what makes a journal app nice (full-text search, tags, structured metadata, conflict handling, etc.). SQLite + client-side encryption is a fine compromise if there’s a solid export and the KDF/password story is strong.

The biggest real risk is still: losing the password. A printable recovery key / key export would help more than switching formats.

armchairhacker 9 hours ago||

Make the journal app store its data in plain-text Markdown files in an encrypted folder (or ZIP).

If necessary for things like search, add a cache file to the folder.

andai 7 hours ago|||

When I had a Mac I used an encrypted volume in Dropbox. (Not sure if that's a good idea, but I didn't have any issues.)

I used Notational Velocity in those days :) A rare gem of ergonomics.

Later I did the same thing with a VeraCrypt volume.

Now I'm in Obsidian, which has its own encryption (if you trust 'em!), but never quite got the frictionless feeling of NV back.

Brajeshwar 6 hours ago||

The Alternate Notational Velocity (nvAlt) was my go-to for a very long time. https://brettterpstra.com/projects/nvalt/

holyknight 9 hours ago|||

yeah, currently you can export your journal to json or markdown files. So you can walk away at any point. Vendor lock-in is one of the main things i wanted to avoid. That's why I sticked with boring and standard libraries and encryption as much as possible. Thanks for the feedback!

ddtaylor 3 hours ago||

You could store the encrypted contents in an IPFS collection or just use old DHT. Obviously someone else needs to access the content to keep it fresh (even if they don't have the ability to decrypt it), but considering it's markdown you could run an "official" seeder that seeds everything or just have each client run an IPFS node etc.

holyknight 2 hours ago||

That's definitely an interesting idea

kantord 10 hours ago||

I love the minimalism of the UI.

Here's a tip: GitHub now allows you to embed a proper video in your README. (https://stackoverflow.com/questions/4279611/how-to-embed-a-v...). Quality would be much better, and people can navigate back-and-forth in the video.

8-prime 9 hours ago||

No more fighting with gifs for README files. Thanks!

holyknight 9 hours ago||

Thanks! I will check that out

otterpro 5 hours ago||

I like the idea, as a niche project for users that don't have control over their hardware/OS, or run on USB flash for portability.

Speaking of which, I have notes / journal entries dating back several decades, all in plain text files. I'm worried about these new projects and their longevity and whether it'll be actively supported 30 years from now. For simplicity, I'd use gocryptfs, Veracrypt, or other general file-based encryption which suits your risk tolerance, and use whatever editor (ie Obsidian, vscode, OneNote, etc) I want to use.

8x 6 hours ago||

There already is another, unrelated "Diarium" journaling app: https://diariumapp.com

It's a paid app, not open source, but I've been using it for years and it has been working very well for me.

khalic 10 hours ago||

Dann, that’s a fancy README.md , love it

holyknight 9 hours ago|

thanks!

spangry 10 hours ago||

Looks really cool, I like the pretty but minimalist interface. Could I store the SQlite file on, say, google drive so that I could access my journal from different devices while the contents are still kept secure because they’re encrypted?

holyknight 9 hours ago|

Yes, you can definetely can! Currently you can see the location of the .db file on the preferences while your journal is open.

I will improve the experience for this use case in follow up releases, by for example being able to define a arbitrary path for your db file.

Thanks for the feedback!

g947o 10 hours ago||

The biggest problem is that this is not available on mobile platforms. Most people do this on their phones, not their laptops.

holyknight 9 hours ago|

The support for it is planned. It was thought from the beginning with supporting all the major platforms; I just started with the desktop support because there was my best use case. But the support is already planned in the near future. Android will follow shortly, and an iOS version can be done if there is demand for it. Thanks!

sanarg 9 hours ago||

looks sleek, fast, and stays true to the privacy-first roots we all loved. Awesome job modernizing a classic without losing its soul.

CafeRacer 9 hours ago||

I'm using obsidian and cryfs. Nothing has access to those except a few programs. I'm storing notes, files, documents, whatever is important and everything is synced to the cloud.

bayindirh 9 hours ago||

This is the beauty of it. If it works for you it's great. If this new app works for others, then it's great.

That's a good win-win situation.

As a fellow obsidian user, I wouldn't scoff at a simple app which does one thing well.

holyknight 8 hours ago||

I also, myself, had a similar setup some time ago; that's super valid.

sneak 1 hour ago|

key reuse, and probably other issues in a homebrew cryptosystem that wraps AES.

is there a reason we aren’t using high level crypto libraries in 2026?

holyknight 1 hour ago|

Thanks for the feedback. This is why I built it FOSS.

On the libraries: Mini Diarium actually does use established, widely audited crates rather than rolling its own primitives. See https://github.com/RustCrypto/AEADs for AES-256-GCM, https://github.com/RustCrypto/password-hashes for key derivation, and https://github.com/dalek-cryptography/curve25519-dalek + https://github.com/RustCrypto/KDFs for the key file ECIES scheme. The thin cipher.rs wrapper just handles nonce prepending with no custom crypto primitives.

On key reuse: the master key is intentionally shared across entries (as in Signal, 1Password, etc.), but each encrypt() call generates a fresh 96-bit nonce from the OS CSPRNG, so the (key, nonce) pair is never repeated.

That said, I am not a security expert by any means. If you've spotted something concrete, a specific call site, a protocol flaw, or a library you'd swap in, I'd genuinely love to hear it. Open to PRs or a discussion issue.

Regards

More comments...