An app for allowing users to enable FileVault 2 and safely escrow the Recovery Key with an instance of Crypt-Server.
Python Shell Objective-C Makefile
Latest commit 86e6413 Jun 14, 2016 @grahamgilbert committed on GitHub Update README.mdown
Failed to load latest commit information.
Example Login Hook
Example script for LoginScriptPlugin
build_resources Simplify build process and start to support LoginScriptPlugin Jul 10, 2015


Crypt is deprecated. You should use Crypt 2 from now on.

Crypt is a system for centrally storing FileVault 2 recovery keys. It is made up of a client app, and a Django web app for storing the keys. You will also need to download and install the webapp.

Changes in this version

  • 10.7 is no longer supported.
  • Improved logging on errors.
  • Improved user feedback during long operations (such as enabling FileVault).


The client is written in Pyobjc, and makes use of the built in fdesetup on OS X 10.8 and higher. An example login hook is provided to see how this could be implemented in your organisation.


  • If escrow fails for some reason, the recovery key is stored on disk and a Launch Daemon will attempt to escrow the key periodically.
  • If the app cannot contact the server, it can optionally quit.
  • If FileVault is already enabled, the app will quit.


Crypt Screenshot



sudo defaults write /Library/Preferences/FVServer ServerURL ""

To disable the network check (for example, in environments when the network isn't available until the user has authenticated): sudo defaults write /Library/Preferences/FVServer NetworkCheck -bool NO

fdesetup, the binary Crypt uses to enable FileVault needs to be run as root. You will need to devise your own way of running this, whether it is via a LaunchDaemon or a LoginHook.


Thanks to Greg Neagle and the other contributors at Munki for having code that I could borrow.