A simple, self-hosted, encrypted Markdown note-taking app built with Vue 3, and Express. Check out the hosted demo!
With the release of version 1.0.0
, encryption was introduced. However, due to this non-trivial change, this release is not backwards-compatible with previous versions. Attempting to run version 1.0.0
with a database created with an earlier version will cause the application to crash.
Currently, no automated migration is provided, sorry. To migrate to 1.0.0
, you will need to run two parallel instances and manually copy your notes.
- NodeJS >=
16.14.0 LTS
π‘ Since version 1.0.0, TLS encryption is mandatory for hosts other than localhost
, as required for window.crypto.subtle
(see #73).
When either only using MiniNote locally or running it behind a reverse proxy, which terminates TLS instead, you can leave out the HTTPS / TLS part of the setup.
# 1. Clone the repo
$ git clone https://github.com/muety/mininote
# 2. Install backend dependencies
$ yarn
# 3. Install frontend dependencies and build
$ cd webapp && yarn && yarn build && cd ..
# 4. Obtain or create a TLS certifiate
# See https://www.linode.com/docs/guides/create-a-self-signed-tls-certificate/
# Skip for localhost or with reverse proxy
# 4. Set environment variables for TLS cert and key
# Skip for localhost or with reverse proxy
$ export HTTPS_CERT='path/to/your/mininote.crt'
$ export HTTPS_KEY='path/to/your/mininote.key'
# Run
$ yarn start
# 1. Obtain or create TLS certificate (see above)
# 2. Create a persistent volume
$ docker volume create mininote-data
# 3. Run the container
$ docker run \
-d \
-p 3000:3000 \
-v mininote-data:/app/data \
-v path/to/your/mininote.crt:/etc/mininote.crt:ro \
-v path/to/your/mininote.key:/etc/mininote.key:ro \
-e HTTPS_CERT=/etc/mininote.crt \
-e HTTPS_KEY=/etc/mininote.key \
--name mininote \
ghcr.io/muety/mininote:latest
MiniNote features encryption, i.e. every note's title and content are encrypted on the client-side (i.e. in your browser) using symmetric AES-GCM provided by the Web Crypto API. However, a notebook's password is used to derive the encryption key. That is, encryption is only as strong as your password. Moreover, although notes are sent to the server encryptedly, this cannot be considered true end-to-end encryption, since the server technically has a chance to log your password the moment you create a new notebook in the first place. MiniNote aims for a decent level of security, but does not claim to be NSA-proof.
Feel free to contribute! All contributions that add value to the project are welcome. However, please be aware that you are not done after having opened a PR. In order to keep quality high, it is expected that you implement change requests and react to comments within an adequate time, until your code is merged. Otherwise your PRs will be closed after a while, sorry!
MIT @ Ferdinand MΓΌtsch