Description
Sometimes customers may ask how they can collect and/or export the Personal Recovery Keys for their FileVault-enabled Macs. The instructions below show how to do this using an Advanced Computer Search in Jamf Pro.
Note: Before following these instructions, the Mac(s) must already have a Personal Recovery Key collected in their device record.
Exporting FileVault Recovery Keys using Advanced Computer Search
Navigate to Jamf Pro -> Computers -> Search Inventory, then search a group or run an empty search to list all devices
Click "New"
Click the "Display" tab
Select the "Storage" Item
Check the box for "FileVault 2 Personal Recovery Key"
Navigate to the Reports tab and choose your preferred file format.
Choose the "Download Report" option.
A file will be downloaded in the format you selected, and the Personal Recovery Keys will be displayed in plain text.
Introduction
Sometimes, customers may ask how they can collect and/or export the FileVault Recovery Keys for their FileVault-enabled Macs. In the instructions below, we will share steps to accomplish this using the Jamf Pro API.
Instructions
Once the Personal Recovery Keys are escrowed in device records, Jamf Pro provides API endpoints that let you programmatically fetch the FileVault recovery key information for one or multiple devices.
The relevant API endpoints are:
Return FileVault information for a specific computer: https://developer.jamf.com/jamf-pro/reference/get_v1-computers-inventory-id-filevault
Return paginated FileVault information for all computers: https://developer.jamf.com/jamf-pro/reference/get_v1-computers-inventory-filevault
To test these API calls, follow the steps below to confirm that the endpoints return the Recovery Key you require. Note: Before following these instructions, the Mac(s) must already have a Personal Recovery Key collected in their device record.
Navigate to your API portal: https://Your_Instance.jamfcloud.com/api
Choose "Jamf Pro API" - add your Username and Password to authorize.
Find the “computer-inventory” section and click the dropdown for this option.
Choose GET /v1/computers-inventory/{id}/view-recovery-lock-password.
Add the ID of a computer in Jamf Pro that currently holds a recovery key, click "Try it out", and then click "Execute".
The "Response Body" section should show the recovery key for that specific computer ID.
Note: You can repeat these steps with GET /v1/computers-inventory/filevault from the “computer-inventory” section. This request returns information for multiple devices.
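The paginated request above, scripted as an added example (not Jamf's own code) that pages through GET /v1/computers-inventory/filevault and writes the plain-text keys to an owner-only file instead of the console. Assumptions to check against the API reference linked earlier: bearer-token authentication, the page and page-size query parameters, and the response fields totalCount, results, computerId, name and personalRecoveryKey; the sample records and keys are constructed.

```python
import csv, json, os, urllib.request

def fetch_page(base_url, token, page, page_size):
    """GET one page from the 'all computers' endpoint named in the article.
    Assumed: bearer-token auth and the page / page-size query parameters."""
    url = (f"{base_url}/api/v1/computers-inventory/filevault"
           f"?page={page}&page-size={page_size}")
    req = urllib.request.Request(url, headers={
        "Authorization": f"Bearer {token}", "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def collect_keys(get_page, page_size=100):
    """Walk every page; keep only records that actually hold an escrowed key.
    Assumed fields: totalCount, results[].computerId/name/personalRecoveryKey."""
    rows, page = [], 0
    while True:
        body = get_page(page, page_size)
        results = body.get("results", [])
        for rec in results:
            if rec.get("personalRecoveryKey"):
                rows.append((rec.get("computerId"), rec.get("name"),
                             rec["personalRecoveryKey"]))
        if not results or (page + 1) * page_size >= body.get("totalCount", 0):
            return rows
        page += 1

def write_private_csv(path, rows):
    """Create the export owner-only (0600); O_EXCL refuses to reuse a file."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", newline="") as fh:
        writer = csv.writer(fh)
        writer.writerow(["computerId", "name", "personalRecoveryKey"])
        writer.writerows(rows)

# Constructed sample pages (not real keys) so the logic runs offline.
SAMPLE = [
    {"totalCount": 3, "results": [
        {"computerId": "1", "name": "mac-01",
         "personalRecoveryKey": "AAAA-BBBB-CCCC-DDDD-EEEE-FFFF"},
        {"computerId": "2", "name": "mac-02", "personalRecoveryKey": None}]},
    {"totalCount": 3, "results": [
        {"computerId": "3", "name": "mac-03",
         "personalRecoveryKey": "GGGG-HHHH-JJJJ-KKKK-LLLL-MMMM"}]},
]

def sample_page(page, page_size):
    return SAMPLE[page] if page < len(SAMPLE) else {"totalCount": 3, "results": []}

if __name__ == "__main__":
    rows = collect_keys(sample_page, page_size=2)
    print(f"{len(rows)} of 3 computers hold a key")  # count only, never the keys
```

Against a live instance, pass collect_keys a callable that wraps fetch_page with your instance URL and token, and delete the export once the keys have been moved to their intended store.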