This macOS workflow (Create Encrypted Image.workflow) is an Automator Quick Action, which adds a context popup on folders in Finder. When activated, the workflow launches a new Terminal window that helps users encrypt a folder and its contents. The resulting DMG disk image requires a password to unlock.
| 1. Download this repository as a .zip file |  |
2. To inspect the script without installing, you can Right Click Create Encrypted Image.workflow, and select Open with Automator |
 |
3. To install the script, right click Create Encrypted Image.workflow, and select Open With Automator Installer |
 |
| 4. Click Install to register the quick action |  |
| 5. Confirm installation, by right clicking a folder, and checking that Quick Actions now contains the workflow |  |
6. A Terminal window will prompt for sudo, which is your Mac admin's password. It is required to run the command.7. You will be prompted for a password to encrypt the folder with. This is distinct from the sudo password, and will be required to decrypt the DMG. |
 |
| 8. You should see a new file appear at the same location as the folder you encrypted. Double-click it, then enter your password to decrypt it. |  |
The workflow installs under ~/Library/Services. Just delete Create Encrypted Image.workflow from there and it's all gone!
You can use Touch ID to authorize sudo, which I find pairs nicely with this workflow. See how here:
https://gist.github.com/fraune/0831edc01fa89f46ce43b8bbc3761ac7
on run {input, parameters}
set folderPath to POSIX path of item 1 of input
tell application "Terminal"
activate
do script "sudo hdiutil create -size 20mb -fs apfs -encryption AES-256 " & quoted form of folderPath & " -srcfolder " & quoted form of folderPath & "; exit"
end tell
return input
end runSet the folderPath variable to be the input folder
set folderPath to POSIX path of item 1 of inputOpen Terminal.app, and bring it to the foreground
tell application "Terminal"
activate
...
end tellDo the encryption work
do script "sudo hdiutil create -size 20mb -fs apfs -encryption AES-256 '" & folderPath & "' -srcfolder '" & folderPath & "'; exit"Notes:
- This is some AppleScript that runs a Bash command, expanding the
folderPathvariable into the hdiutil arguments - My understanding is that
-size 20mbjust sets the initial size. The resulting DMG will be more or less, depending on what you encrypt. -fs apfs -encryption AES-256sets the filesystem type and encryption type to use. Last I checked, AES-256 is the best encryption supported byhdiutilin this context.- The
folderPathvariable is used twice: as the input path, and as the output path. The output path will automatically append.dmgonto the end offolderPathwhen the command completes.
- Add notification upon successful completion (inspiration)