Viewing the FileVault Recovery Key for a Computer

Jamf Pro Documentation 11.16.0
Solution
Application
Content Type
Technical Documentation
Utilities & Services
version
11.16.0
ft:locale
en-US
vrm_version
11.16.0

You can view the recovery key for a FileVault-encrypted computer and use it to unlock the computer's disk.

Requirements
The following privileges are required for Jamf Pro users to create and edit disk encryption configurations, and view and download recovery keys in Jamf Pro:
  • Disk Encryption Configurations (Jamf Pro Server Objects)Allows users to create, read, update, or delete a disk encryption configuration with a personal (a.k.a. individual) recovery key, an institutional recovery key, or both a personal (a.k.a. individual) and institutional recovery key.
  • Disk Encryption Institutional Configurations (Jamf Pro Server Objects)Allows the user to create, read, update, or delete disk encryption configuration with an institutional recovery key, or with both personal and institutional recovery keys. With the "View Disk Encryption Recovery Key" privilege also granted, this privilege also allows the user to view and download an institutional recovery key.
  • View Disk Encryption Recovery Key (Jamf Pro Server Actions) Allows the user to view a personal recovery key. This privilege also allows the user to view and download an institutional recovery key.
  1. In Jamf Pro, navigate to the computer you want to view the recovery key for, and then click the Inventory tab.
  2. Select Disk Encryption in the list of categories, and then click Show Key.
    If the recovery key is a personal recovery key (also known as an individual recovery key), it is displayed in Jamf Pro. If the recovery key is an institutional recovery key, click Download to download it.
    Note:

    Jamf Pro records each time a computer's recovery key is viewed in the computer's inventory record under History > Audit Logs. Jamf recommends issuing a new key after the current one is viewed and used.