Mini Diarium is a privacy-focused journaling application designed for secure, local-only note-taking. Built with Tauri, SolidJS, and Rust, it prioritizes encryption and offline functionality to ensure your data remains private and untouchable by external forces.
Key Features:
Key File Authentication: Unlock your journal using an X25519 private key file for added security, similar to SSH keys. Manage multiple authentication methods seamlessly.
AES-256-GCM Encryption: All entries are encrypted with a random master key, ensuring robust protection against unauthorized access.
Rich Text Editor: Create and format notes with ease, supported by a user-friendly interface.
Multiple Entries Per Day: Organize your thoughts by creating separate entries for the same date without merging content.
Calendar Navigation: Quickly jump between dates using an intuitive calendar view.
Import/Export: Import from Mini Diary, Day One, and jrnl formats while exporting to JSON or Markdown for flexibility.
Themes: Customize your journaling experience with different themes.
Automatic Backups: Regular backups are created upon unlocking to safeguard your data.
Audience & Benefit:
Ideal for users who value privacy and security in their digital journaling, such as journalists, activists, or anyone requiring a secure space for personal thoughts. Mini Diarium ensures your entries remain encrypted, offline, and free from third-party interference, providing peace of mind for those who prioritize data control.
Install Mini Diarium via winget on Windows: winget install mini-diarium.
README
Mini Diarium
A local-only journal with serious encryption.
Free, open source, and never touches the internet.
Download the latest release for your platform from GitHub Releases.
For platform package formats and first-run notes, see Installation.
Background
Mini Diarium is a spiritual successor to Mini Diary by Samuel Meuli. I loved the original tool. It was simple, private, and did exactly what a journal app should do. Unfortunately, it's been unmaintained for years and its dependencies have aged out. I initially thought about forking it and modernizing the stack, but turned out impractical. So I started over from scratch, keeping the same core philosophy (encrypted, local-only, focused) while rebuilding completely with Tauri 2, SolidJS, and Rust. The result is a lighter, faster app with stronger encryption and a few personal touches.
Read the full principles and how these translates to the architecture in PHILOSOPHY.md.
AI as a Tool, Not a Substitute
Mini Diarium uses AI tools willingly and without apology, but always as leverage for human engineers, never as a replacement for them. This is NOT a vibe-coded app: every meaningful change still has to pass through deliberate design, careful implementation, proper testing, sound engineering practice, and direct feedback from both developers and users. We do not believe serious software can be reduced to "no-code magic" or delegated to prompts without judgment, especially when privacy, security, and long-term maintainability matter. Good tools should be used; responsibility, authorship, and final judgment remain human.
Features
Key file authentication: unlock your journal with an X25519 private key file instead of (or alongside) your password, like SSH keys for your journal. Register multiple key files; manage all auth methods from Preferences. See Key File Authentication for details.
AES-256-GCM encryption: all entries are encrypted with a random master key. Each auth method holds its own wrapped copy of that key, so adding or removing a method is O(1), with no re-encryption of your entries.
Rich text editor
Multiple entries per day: keep separate entries for the same date without merging them together
Calendar navigation
Import: Mini Diary JSON, Day One JSON/TXT, and jrnl JSON with additive imports that preserve separate same-date entries
Export: JSON for structural fidelity and Markdown for human-readable best-effort export
Themes
Automatic backups: backup on unlock with rotation
Statistics
Preferences: first day of week, future entries toggle, title visibility, spellcheck, password change, authentication method management
Cross-platform: Windows, macOS, and Linux
Zero network access: no telemetry, no analytics, no update checks
Architecture
Unlock Model
Mini Diarium uses a wrapped master key design.
A random master key encrypts all entries using AES-256-GCM
Authentication methods wrap the master key
Unlocking unwraps the master key into memory for the session
Unlock Flow
Password Unlock
Argon2 key derivation
AES-GCM unwrap of master key
Key File Unlock
X25519 key pair
ECDH followed by HKDF
AES-GCM unwrap of master key
The master key is never stored in plaintext.
System Context
Everything runs locally on the user's machine.
Properties
The UI communicates with the Rust backend via Tauri invoke()
The backend reads and writes to local SQLite
No HTTP clients
No background sync
No telemetry
Saving an Entry
When saving an entry:
The content is encrypted using the master key.
The encrypted content is stored in the entries table.
Download the latest release for your platform from GitHub Releases:
Platform
Format
Windows
.msi or .exe (NSIS installer, no admin required)
macOS
.dmg
Linux
.AppImage or .deb (Flatpak coming soon)
Windows (WinGet)
The easiest way to install Mini Diarium on Windows is via WinGet:
winget install mini-diarium
To update an existing installation later:
winget upgrade mini-diarium
Homebrew (macOS)
The easiest way to install Mini Diarium on macOS is via Homebrew:
brew tap fjrevoredo/mini-diarium
brew install --cask mini-diarium
> Note: Mini Diarium is not code-signed. On first launch, macOS Gatekeeper may show a "damaged and can't be opened" error. Run the following command in Terminal, then open the app normally:
>
> sh > xattr -cr "/Applications/Mini Diarium.app" >
Flatpak (Linux)
> ⚠️ Not yet available. The Flathub listing is pending store approval and is not yet published. The commands below will not work until the listing is approved. In the meantime, download the .AppImage or .deb from the latest release.
Once published on Flathub, the easiest way to install Mini Diarium on Linux will be via Flatpak:
On first launch, Windows SmartScreen may show a warning ("Windows protected your PC"). This is expected for unsigned applications. Click "More info" then "Run anyway" to proceed. Mini Diarium is open source and builds are reproducible from source.
macOS
macOS Gatekeeper may block the app on first launch with "damaged and can't be opened". This happens because the app is open-source and not commercially code-signed.
Run this command in Terminal after dragging the app to Applications:
xattr -cr "/Applications/Mini Diarium.app"
Then launch the app normally. This is a one-time step.
Linux
No code signing is required. For security, verify the SHA256 checksum against checksums-linux.txt from the release before installation:
sha256sum Mini-Diarium-*.AppImage
# Compare with checksums-linux.txt
Quick Start
Launch Mini Diarium
Create a password (this encrypts your journal; there is no recovery if forgotten)
Write your first entry. It auto-saves as you type
Navigate between days with Ctrl+[ / Ctrl+] or click dates on the calendar
Lock your journal when you're done
Key File Authentication
Most journal apps only offer a password. Mini Diarium also lets you unlock with an X25519 private key file, a small .key file that acts like an SSH key for your journal. You can use a key file instead of your password, or register both and use whichever is convenient.
Why use a key file?
Scenario
How a key file helps
Physical second factor
Keep the .key file on a USB drive. The journal can only be unlocked when the drive is plugged in, with no app, no phone, and no OTP codes.
Password manager integration
Store the .key file as a secure attachment. Unlock without memorizing a passphrase at all.
Multiple machines
Register one key file per machine. Revoke access to a single machine by removing that slot without touching your password or re-encrypting any entries.
Shared account, separate keys
Register several key files under different labels. Each is independent, and removing one doesn't affect the others.
How it works
Each auth method stores its own encrypted copy of a random master key that encrypts all journal entries. For key files, this wrapping uses X25519 ECIES:
A 256-bit master key is generated once when you create the journal and never changes.
You generate an X25519 keypair in Preferences. The app saves the private key to a .key file (64-character hex string) and retains only the public key.
The public key is used to wrap the master key: an ephemeral DH key exchange produces a one-time secret, HKDF-SHA256 derives a wrapping key from it, and AES-256-GCM encrypts the master key. The resulting blob is stored in the auth_slots table alongside your password slot.
To unlock, Mini Diarium reads the .key file, performs the same ECDH derivation in reverse, and unwraps the master key; your password is never required.
The private key never enters the database. The public key stored in the database cannot unlock the journal. A wrong or tampered key file is rejected by AES-GCM authentication.
Setting up a key file
Open Preferences → Authentication Methods
Click Generate Key File
Save the .key file somewhere only you control, such as a USB drive, a password manager's secure notes, or an encrypted folder
Enter your current password to authorize the registration
Give the slot a label (e.g. "USB drive" or "laptop")
From that point you can unlock from the login screen by switching to Key File mode and selecting your .key file. To remove a key file, open Preferences → Authentication Methods and delete its slot (the last remaining method is always protected from deletion).
> Backup your key file. Like an SSH private key, it cannot be regenerated. If you lose both your password slot and all key files, there is no recovery path.
Keyboard Shortcuts
Action
Shortcut
Previous Day
Ctrl+[
Next Day
Ctrl+]
Go to Today
Ctrl+T
Go to Date
Ctrl+G
Previous Month
Ctrl+Shift+[
Next Month
Ctrl+Shift+]
Preferences
Ctrl+,
Statistics, Import, and Export are available via the Journal menu (no default keyboard accelerators).
For the full list of known limitations, deliberate tradeoffs, and technical debt, see docs/KNOWN_ISSUES.md.
User-facing highlights:
Concurrent access to the same journal file is not supported (by design)
No password recovery — losing all credentials is permanent (by design)
Full-text search is not available — removed in v0.2.0 because the FTS index stored plaintext, defeating encryption
Importing the same file twice creates duplicate entries (no deduplication)
Plugin changes require an app restart to take effect
Extending Mini Diarium
You can add local import/export extensions using Rhai scripts in your journal's plugins/ folder.
See docs/user-plugins/USER_PLUGIN_GUIDE.md for requirements, best practices, and a complete example plugin.
Mini Diarium currently ships in English only. If you'd like to add support for another language, see docs/TRANSLATIONS.md for instructions on creating a locale file and submitting a PR.
Releasing
For maintainers: See docs/RELEASING.md for step-by-step release instructions.
Security
See SECURITY.md for the security model and how to report vulnerabilities.
