Skip to content


Subversion checkout URL

You can clone with
Download ZIP
An app for allowing users to enable FileVault 2 and safely escrow the Recovery Key with an instance of Crypt-Server.
Python Shell Objective-C Makefile
Latest commit 3b993b9 @grahamgilbert Update README.mdown



Crypt is a system for centrally storing FileVault 2 recovery keys. It is made up of a client app, and a Django web app for storing the keys. You will also need to download and install the webapp.

Changes in this version

  • 10.7 is no longer supported.
  • Improved logging on errors.
  • Improved user feedback during long operations (such as enabling FileVault).


The client is written in Pyobjc, and makes use of the built in fdesetup on OS X 10.8 and higher. An example login hook is provided to see how this could be implemented in your organisation.


  • If escrow fails for some reason, the recovery key is stored on disk and a Launch Daemon will attempt to escrow the key periodically.
  • If the app cannot contact the server, it can optionally quit.
  • If FileVault is already enabled, the app will quit.


Crypt Screenshot



sudo defaults write /Library/Preferences/FVServer ServerURL ""

To disable the network check (for example, in environments when the network isn't available until the user has authenticated): sudo defaults write /Library/Preferences/FVServer NetworkCheck -bool NO

fdesetup, the binary Crypt uses to enable FileVault needs to be run as root. You will need to devise your own way of running this, whether it is via a LaunchDaemon or a LoginHook.


Thanks to Greg Neagle and the other contributors at Munki for having code that I could borrow.

Something went wrong with that request. Please try again.