Short answer: Obsidian stores vault files as plain Markdown on disk with no built-in encryption. Mini Diarium encrypts each entry with AES-256-GCM before writing to a local SQLite database and has no network client. If you journal in Obsidian and want encryption at the storage layer without relying on a community plugin, Mini Diarium is a purpose-built alternative for Windows, macOS, and Linux.
Many Obsidian users journal in it because it is local-first and free. The vault stays on your machine. There is no mandatory account and no cloud sync unless you subscribe to Obsidian Sync. For people migrating away from cloud-based tools, that architecture is a genuine improvement. The concern that eventually prompts a move elsewhere is different: vault files are plain Markdown, readable by anyone with access to the file system. Encryption is not part of the core product.
This post covers what that difference means in practice for journal writing specifically.
What Obsidian is built for
Obsidian is a knowledge management tool built around a local folder of Markdown files. Its design is intentional: plain text in open formats that outlast any app. A note written today is a .md file that any editor can open in twenty years. The plugin ecosystem is large, the community is active, and the tool handles complex linking, tagging, and graph views across hundreds or thousands of files.
Daily notes and calendar plugins make it usable as a journal. Many people use it that way. But journaling is one use case layered on top of a general knowledge base architecture, not the designed-for workflow. There is no date-first calendar view in the core app, no word count streak, no entry-per-day model. These exist as community plugins, which means configuration and maintenance fall on the user.
The encryption gap
Vault files are plain Markdown on disk. Anyone with access to your file system can read them: another user on the same machine, malware with file access, or someone who copies the vault directory. This is not a vulnerability in Obsidian. It is the design. Open formats and portability require readable files.
Community plugins exist that encrypt individual notes symmetrically. They shift key management to the user and protect only the notes you remember to encrypt explicitly. Using a plugin for this means trusting third-party code that sits outside Obsidian's core review process, and it means your encryption coverage depends on whether you remembered to apply it to a given file.
Filesystem-level tools like VeraCrypt or BitLocker encrypt the entire volume, which protects files at rest when the disk is unmounted or locked. This is a real protection but a different one. It does not protect files while the OS is running and the volume is mounted, which covers most of the time your journal is accessible.
Neither approach is the same as encrypting at the storage layer before writing. AES-256-GCM applied per entry, with the key derived from your password, means the database file is ciphertext. The app decrypts in memory to display an entry, and nothing plaintext ever reaches disk.
What a journal-first design changes
A diary app organizes everything around the date. Open the app, navigate to any day, read or write that entry. The calendar is the primary interface, not a plugin.
Mini Diarium is built around this model. Each entry is tied to a date. Multiple entries per day are supported. A calendar view shows which days have entries and lets you jump to any of them. Word count statistics track writing streaks over time. The editor handles rich text including images and formatting. Import works directly from Mini Diary JSON, Day One JSON and TXT, and jrnl JSON, which are all journal formats.
In Obsidian, building an equivalent workflow requires the Daily Notes core plugin, a Calendar plugin, a template for note structure, and configuration to wire them together. The result can work well, but the setup work and the ongoing maintenance of that plugin stack is something you own. A dedicated journal app starts at that point.
Where Mini Diarium fits
Mini Diarium is a desktop journal for Windows, macOS, and Linux. It is free and released under the MIT license. Each entry is encrypted with AES-256-GCM before it is written to a local SQLite database. The app has no HTTP client, no telemetry, and no account.
Authentication options include password, key-file, and passwordless unlock. The key-file option uses X25519 and works like an SSH private key: the file is the credential, and a password can optionally be required alongside it. Passwordless journals use a device-bound key stored in the app's config directory.
Exports cover JSON and Markdown. Imports work from Mini Diary, Day One, and jrnl formats. The comparison page has a full feature matrix against Day One, Notion, Obsidian, Standard Notes, and others.
Mini Diarium is not a general notes tool. There is no plugin system, no linked graph, no backlinks, and no Markdown file-per-note structure. If you use Obsidian as a knowledge base and also want a journal inside the same vault, Mini Diarium does not replicate that combination. It is purpose-built for daily writing and nothing else. The app is also currently desktop-only; there are no mobile apps.
The practical takeaway
Obsidian and Mini Diarium are both local-first. Neither sends your files to a remote server by default. The difference is that Obsidian stores vault files as readable Markdown on disk with no built-in encryption, while Mini Diarium encrypts each entry with AES-256-GCM at the storage layer before anything touches disk.
If you use Obsidian as a knowledge base and want journaling to stay in the same system, that is a reasonable workflow and the plugin ecosystem can support it. If the Markdown-on-disk model is the reason you are looking elsewhere, and you want a journal where every entry is ciphertext at rest without relying on a plugin or a volume encryptor, Mini Diarium is built around that constraint from the start.
For background on what encryption at rest actually means compared to a login screen, the encrypted diary explainer covers the distinction clearly. If you want the broader checklist for evaluating local-only journal apps, the how to choose a private journal app post is a practical place to start. The comparison page has a side-by-side feature breakdown if you want to check specific capabilities.