Automates the process of retrieving recovery keys with serial numbers from Jamf Pro via its API, storing them securely in a password store (e.g., pass). It also handles pagination for API responses, ensuring that large sets of data are processed correctly and efficiently. Additionally, it organizes the stored keys by serial number in a date-stamped directory structure.
- The jamf api filvevault endpoint does not include serial numbers in the response payload, only jamf ids.
- Create or import an existing a gpg key.
gpg --import private.key
- Verify the key is in your gpg store:
gpg --list-keys
- You may need to set the trust level of the key also:
https://yanhan.github.io/posts/2014-03-04-gpg-how-to-trust-imported-key/
- Install unix password manager https://www.passwordstore.org/.
git clonethis repo to$HOME/repos.- Add to
.zshrcor.bashrc. This will define the password store used byprkpass:
prkpass() {
PASSWORD_STORE_DIR=$HOME/repos/prkstore pass $@
}
- If zsh completion is required also add this to
.zshrc:
compdef _pass prkpass
zstyle ':completion::complete:prkpass::' prefix "$HOME/repos/prkstore"
- Reload shell:
source ~/.zshrc
Passing the capture date and device serial to the function will output the required key in the console. You will get prompted for the gpg key passphrase.
$ prkpass 2023-12-19/C1FFPF6P7N
EEGP-A3HA-AOY7-UGGN-QJVO-TWH7