App Engine-based escrow solution for enterprise management of disk encryption technologies for OS X (FileVault 2), Windows (BitLocker), and Linux (LUKS).
Type Name Latest commit message Commit time
cauliflowervest workaround for rules_appengine, to prevent jdk upload Jan 17, 2019
common Merge commit for internal changes Dec 3, 2018
res switch to bazel. Sep 8, 2017
third_party merge commit for internal changes. Jan 2, 2019
.gitignore switch to bazel. Sep 8, 2017
.travis.yml
COPYING Initial commit. Feb 22, 2012
INSTALL switch to bazel. Sep 8, 2017
README.md Merge commit for internal changes Dec 3, 2018
WORKSPACE merge commit for internal changes. Jan 2, 2019

README.md

Overview

Note: OAUTH_CLIENT_ID moved from src/cauliflowervest/client/settings.py to cauliflowervest/settings.py

Cauliflower Vest is a recovery key escrow solution. The project initially started with end-to-end Mac OS X FileVault 2 support, and later added support for BitLocker (Windows), LUKS (Linux), Duplicity, and Firmware/BIOS passwords (Mac & Linux). The goal of this project is to streamline cross-platform enterprise management of disk encryption technologies.

Cauliflower Vest offers the ability to:

  • Forcefully enable FileVault 2 encryption.
  • Automatically escrow recovery keys to a secure Google App Engine server.
  • Delegate secure access to recovery keys so that volumes may be unlocked or reverted.
  • Sync BitLocker recovery keys from Active Directory.

Components:

  • A Google App Engine based service which receives and securely escrows recovery keys.

  • A GUI client running on the OS X user machines, which enables FileVault 2 encryption, obtains the recovery key, and sends it to the escrow service.

  • A CLI tool which runs on Linux, for use with LUKS and Duplicity.

  • A script to sync BitLocker recovery keys from Active Directory.

Getting Started

Full source is available for all components.

To get started, begin with the Introduction wiki page.

Warning

After releasing the update to App Engine, start the schema update (/ui/#/admin/); otherwise search and key retrieval will break. Progress can be monitored in the App Engine logs. The logs will contain

UpdateSchema complete for VOLUME_TYPE with N updates!

for each volume type after successful migration.
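
One way to confirm the migration finished before relying on search and key retrieval is to check exported log lines for a completion message per volume type. The script below is an added example, not part of the Cauliflower Vest code base; the volume type names, the timestamp prefix, and the "starting" lines in the sample are constructed placeholders, and only the completion message format comes from this README.

```python
import re
import sys

# Message format as given in the README warning; the volume type token and
# the update count are the only variable parts.
COMPLETE_RE = re.compile(r"UpdateSchema complete for (\S+) with (\d+) updates!")

def completed_migrations(log_lines):
    """Return {volume_type: update_count} for every completion message seen."""
    done = {}
    for line in log_lines:
        m = COMPLETE_RE.search(line)
        if m:
            # Keep the last message if the migration was run more than once.
            done[m.group(1)] = int(m.group(2))
    return done

def missing_migrations(log_lines, expected_types):
    """Volume types with no completion message yet, in sorted order."""
    return sorted(set(expected_types) - set(completed_migrations(log_lines)))

# Constructed sample: placeholder type names and an assumed log line prefix.
SAMPLE_LOG = """\
2000-01-01 10:02:11 I starting UpdateSchema for EXAMPLE_TYPE_A
2000-01-01 10:04:40 I UpdateSchema complete for EXAMPLE_TYPE_A with 1532 updates!
2000-01-01 10:04:41 I starting UpdateSchema for EXAMPLE_TYPE_B
2000-01-01 10:05:02 I UpdateSchema complete for EXAMPLE_TYPE_B with 0 updates!
2000-01-01 10:05:03 I starting UpdateSchema for EXAMPLE_TYPE_C
""".splitlines()
EXPECTED = ["EXAMPLE_TYPE_A", "EXAMPLE_TYPE_B", "EXAMPLE_TYPE_C"]

if __name__ == "__main__":
    # With a file argument, check exported logs; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            lines = fh.read().splitlines()
    else:
        lines = SAMPLE_LOG
    # Hypothetical convention: expected type names follow the file name.
    expected = sys.argv[2:] or EXPECTED
    for vt, n in sorted(completed_migrations(lines).items()):
        print(f"done: {vt} ({n} updates)")
    missing = missing_migrations(lines, expected)
    if missing:
        print("no completion message yet for:", ", ".join(missing))
        sys.exit(1)
```

A non-zero exit status means at least one expected volume type has not logged its completion message, so the schema update should not yet be treated as finished.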

Contact

Please search, join, and/or email the discussion list with questions at cauliflowervest-discuss@googlegroups.com. To reach only engineers on the project, email cauliflowervest-eng@googlegroups.com.

Thanks to Dorothy Marczak for the logo.
