barscaret-downcaret-leftcaret-rightcaret-upcheckchevron-leftchevron-rightfile-pdfinfosign-in-altsignin text-widthtimesyoutube

macOS > Device Data & Configuration

Storing personal FileVault encryption keys using custom attributes

Created on November 10th, 2022

This article proposes a method for storing personal (or "individual") FileVault recovery keys in Miradore using custom attributes.


With Miradore, it is possible to enforce the activation of FileVault disk encryption for Miradore-managed macOS devices remotely using a configuration profile. For more information, please read our article on macOS FileVault disk encryption.

If the device user forgets the device's login password, the encrypted disk can be unlocked either using a personal or institutional recovery key, depending on how FileVault was set up.

If a personal recovery key is used to set up the disk encryption, then it is the device user's responsibility to write down and store the recovery key safely. The personal recovery keys are not automatically inventoried by Miradore.

How to use custom attributes for storing the personal FileVault Recovery Keys

The custom attributes are additional device data fields that you can use to store any textual information about devices on Miradore.

The custom attributes are shown in the Custom attributes table located in the Main tab of the Device page. You can enter the attribute value separately for each device.

You can use custom attributes to save additional data about devices to Miradore

You can add new custom attributes through the Company > Attributes > Custom attributes page in Miradore. For more details, please read Custom device attributes.

Security considerations

Please note that all users in Reader, Editor, or Administrator roles are able to read the contents of the custom attributes on your Miradore site. This means they can read the recovery keys if you choose to store them in Miradore using the method described in this article.

  • This field is for validation purposes and should be left unchanged.

Previous Article:

Next Article: