Save FileVault recovery key in extension attributes

emmayche
New Contributor III

When setting up our Macs via our "rollout" script, part of what we're planning to do is turn on FileVault. As part of that, I'd very much like to save the recovery key, and the JSS's extension attributes seem like a good database-like place to save it.

Questions:

1) Since it's a one-time-set value, will anything (like "recon") wipe it out?
2) Is there a simple way of doing this for the current computer (i.e., the one the script is running on)?
3) Has anyone tried this, and are there any pitfalls that I'm obviously not anticipating?

2 REPLIES

rderewianko
Valued Contributor II

Please don't save it as an EA. It's not encrypted in your database then.
Jamf has a built-in key manager for this key & enabling an enterprise key.

merps
Contributor III

Depending on your OS version, there is a slightly different method for doing this.

Hopefully the discussion in this thread will help guide you.