alt Hacker NewsShow HN: Sklad – Secure, offline-first snippet manager (Rust, Tauri v2)
Hi HN, I’m Pavel.
I built Sklad because, as a DevOps engineer, I was frustrated with how I handled operational data. I constantly need access to SSH passwords (where keys aren't an option), specific IP addresses, and complex CLI one-liners. I realized I was storing them in insecure text files or sticky notes because standard clipboard managers felt too bloated and password managers were too slow for my workflow.
I wanted a "warehouse" for this data—something that lives quietly in the system tray, supports deep hierarchy, works completely offline, and looks industrial.
The app is built with Rust and Tauri v2. The core technical challenge was mapping a local JSON tree structure directly to a recursive native OS tray menu. This allows you to navigate nested folders just by hovering, without opening a window.
For security, I implemented AES-256-GCM encryption with Argon2 for key derivation. When the vault locks, the sensitive data is wiped from memory, and the tray menu collapses to a locked state.
It was an interesting journey building this on the Tauri v2 Beta ecosystem. I’d love to hear your feedback on the implementation, especially regarding the Rust-side security logic.
Comments
For "operational" notes at volume, keeping that segregated with a different muscle memory and organizational thesis is a fine idea, having all secure notes in literally the same tool is probably an over-abstraction.
For that reason, I like this idea, but think I wouldn't drag Tauri into it, would rather it stay SwiftUI or such to minimize the dependency footprint. As suggested by the various Electron wallet app compromises, keep software supply chain libs away from most critical secrets please.
For those thinking "but I only want one secure store", a brief survey:
To point of other comment here, KeePassXC has supported item templates including for secure notes for some time:
https://github.com/keepassxreboot/keepassxc/issues/8228
This discussion of KeePassXC for notes also mentions BitWarden and ProtonPass:
https://guitarguy234.wordpress.com/2024/10/07/using-keepassx...
For what it's worth, 1Password Secure Note feature shares most features here:
https://1password.com/features/secure-notes/
Since we're talking AppleOS, Apple Notes also supports independently encrypted notes surprisingly thoroughly:
https://support.apple.com/en-gb/guide/security/sec1782bcab1/...
For a not-at-all-secured open clipping grabber in the sense it feeds an open knowledge base ecosystem tool storing your information in YAML properties headed Markdown text, consider:
[dead]
I don't have a job where I need this, but I love the UI experimentation you're doing here -- "fast muscle memory folder-based encrypted snippets for devops" makes total sense as a different need than most password manager users, and I love it when people discover a way of interacting that clicks more with their brain.
I wonder if you could try a variation that keeps passwords in an existing password manager and just uses this as an alternate UI client -- for example with the 1Password sdk https://developer.1password.com/docs/sdks/desktop-app-integr... or this technique for KeePassXC https://pypi.org/project/keepassxc-proxy-client/ . You could expose existing secrets under an "uncategorized" folder, and add a field like "sklad_folder": "foo/bar" to the secret if the user organizes them.
This way your crypto surface area narrows a lot -- you still need to do the integration securely and be thoughtful about any metadata you cache locally (maybe you don't need any!), but you barely touch actual secrets. And you can freeride on all the edge cases existing password managers handle -- recovery, autolock, sync etc. And you don't need to update passwords in two places. And the trust you're asking from users is less -- if I'm considering using your thing, I don't have to fret about all the little policy things you might have done differently from 1Password, I just have to check if you've made a secure frontend. And I can go partway, open up one vault to the frontend but not others, in a way I clearly understand. I'm paranoid and still wouldn't use a 3rd party client to my password manager, but for people who need this it seems like a much more attractive offer that way.