A local-first encrypted notes app. Notes are encrypted in the browser with a master password before being saved to local storage.
I built this to practise the security side of ordinary app design: password-based keys, local storage limits, import/export, and honest warning text.
Open index.html in a modern browser. If the browser blocks Web Crypto from local files, run a small local server:
python -m http.server 8000Then open http://localhost:8000.
npm testThe test checks JavaScript syntax, required project files, README sections, screenshot presence, security notes, and old template/security placeholder wording.
- Creates a master-password vault.
- Uses PBKDF2 key derivation.
- Encrypts notes with AES-GCM.
- Supports search, tags, import, and export.
- Runs without a backend.
- Shows local-only safety notes and vault status inside the app.
This is complete as a beginner local-first security project. It has create/unlock/lock, encrypted local storage, search, tags, import/export, backup warnings, screenshot, and a smoke test.
This is a learning project. I would not use it for important personal secrets without a full security review.
- Browser crypto is powerful, but the surrounding design still matters.
- Local-only storage keeps the app simple, but it also makes backup and recovery important.
- Security projects need honest limits in the README.
- Add a manual test checklist for create, lock, unlock, export, and import.
- Add optional note sorting by title or last updated time.
I added notes on the local-first security ideas in docs/portfolio-notes.md.
