Skip to main content

How To Export Filevault Recovery Keys Via The Jamf Pro Portal

Updated over 2 weeks ago

Description

Sometimes customers may ask how they are able to collect and/or export the Personal Recovery Keys for their Filevault enabled macs. In the instructions below, we will share steps on how to accomplish this using an Advanced Computer Search in Jamf Pro.

Note: Prior to following these instructions, the mac(s) will need to have already collected a Personal Recovery Key within their device record.

Exporting FileVault Recovery Keys using Advanced Computer Search

  1. Navigate to Jamf Pro-> Computers-> Search Inventory-> Search a group or run an empty search to list all devices

  2. Click "New"

  3. Click the "Display" tab

  4. Select the "Storage" Item

  5. Check the box for "FileVault 2 Personal Recovery Key"

  6. Navigate to the Reports tab and choose your preferred file format.

  7. Choose the "Download Report" option.

  8. A file will be download in the format you selected and the Personal Recovery keys will be displayed in plain text.

Introduction

Sometimes, customers may ask how they can collect and/or export the FileVault Recovery Keys for their FileVault-enabled Macs. In the instructions below, we will share steps to accomplish this using the Jamf Pro API.

Instructions

With the Personal Recovery keys successfully escrowed in device records, Jamf Pro provides API endpoints that allow you to programmatically fetch the FileVault recovery key information for one or multiple devices.

Here below are the relevant API endpoints:

To test these API calls, you can utilize the following instructions below to confirm that these API endpoints successfully collect the Recovery Key you require. Note: Prior to following these instructions, the mac(s) will need to have already collected a Personal Recovery Key within their device record.

  1. Navigate to your API portal: https://Your_Instance.jamfcloud.com/api

  2. Choose "Jamf Pro API" - add your Username and Password to authorize.

  3. Find the “computer-inventory” section and click the dropdown for this option.

  4. Choose GET /v1/computers-inventory/{id}/view-recovery-lock-password.

  5. Add an ID of a computer in Jamf Pro that currently holds a recovery key and click the Try it out and click Execute.

  6. In the "Response Body" section, it should provide us the recovery key for that specific computer ID.

Note - You can repeat these same steps with the GET /v1/computers-inventory/filevault from the “computer-inventory” section. This GET allows a return from multiple devices.

Did this answer your question?