This article proposes a method for storing personal (or "individual") FileVault recovery keys in Miradore using custom attributes.
Background
With Miradore, it is possible to enforce the activation of FileVault disk encryption for Miradore-managed macOS devices remotely using a configuration profile. For more information, please read our article on macOS FileVault disk encryption.
If the device user forgets the device's login password, the encrypted disk can be unlocked using either a personal or an institutional recovery key, depending on how FileVault was set up.
If a personal recovery key is used to set up the disk encryption, then it is the device user's responsibility to write down and store the recovery key safely. The personal recovery keys are not automatically inventoried by Miradore.
How to use custom attributes for storing the personal FileVault Recovery Keys
Custom attributes are additional device data fields that you can use to store any textual information about devices in Miradore.
The custom attributes are shown in the Custom attributes table located in the Main tab of the Device page. You can enter the attribute value separately for each device.
You can add new custom attributes through the Company > Attributes > Custom attributes page in Miradore. For more details, please read Custom device attributes.
Security considerations
Please note that all users in Reader, Editor, or Administrator roles are able to read the contents of the custom attributes on your Miradore site. This means they can read the recovery keys if you choose to store them in Miradore using the method described in this article.