A Go implementation of the original zsh script for extracting FileVault recovery keys from Jamf Pro.
This Go implementation is based on the original zsh script created by Rich Trouton (rtrouton) from Der Flounder.
Original Script: Using the Jamf Pro API to retrieve FileVault personal recovery keys
Author: Rich Trouton (rtrouton)
Website: Der Flounder
Publication Date: January 25, 2023
We extend our sincere gratitude to Rich Trouton for his pioneering work in creating the original script that demonstrated how to use the Jamf Pro API to retrieve FileVault personal recovery keys. His comprehensive approach to handling both the Classic API and the modern Jamf Pro API, along with his detailed documentation and security considerations, provided the foundation for this Go implementation.
The original script's architecture, API endpoint usage, and error handling patterns have been carefully preserved and enhanced in this Go version, ensuring continuity with the proven approach while adding modern features like automatic computer discovery, improved error handling, and cross-platform compatibility.
- Automatic Computer Discovery: Get all computers directly from Jamf Pro API or process specific computers from a file
- Bearer Token Authentication: Uses modern Jamf Pro API authentication with automatic token renewal
- Dual API Support: Uses both Classic API (for computer records) and Jamf Pro API (for FileVault keys)
- Pagination Support: Handles large computer inventories with automatic pagination
- Progress Tracking: Shows real-time progress during processing
- Error Handling: Comprehensive error handling with detailed logging
- CSV Report Generation: Creates comma-separated value reports for easy analysis
- Audit Logging: Comprehensive logging to
jamf_extractor.logfor compliance and troubleshooting - Command Line Interface: Flexible CLI with help and multiple operation modes
# Get all computers directly from Jamf Pro API
./jamf-extractor all --url "https://your-jamf-instance.jamfcloud.com/" --username "your-username" --password "your-password"
# Or use short flags
./jamf-extractor all -u "https://your-jamf-instance.jamfcloud.com/" -n "your-username" -p "your-password"# Process computers from a text file containing IDs
./jamf-extractor file jamf_ids.txt --url "https://your-jamf-instance.jamfcloud.com/" --username "your-username" --password "your-password"
# Or use short flags
./jamf-extractor file jamf_ids.txt -u "https://your-jamf-instance.jamfcloud.com/" -n "your-username" -p "your-password"# Show general help
./jamf-extractor --help
# Show help for specific commands
./jamf-extractor all --help
./jamf-extractor file --helpThe tool now uses command line arguments for configuration instead of hardcoded values. All configuration parameters are required:
--url/-u: Jamf Pro server URL (required)--username/-n: Jamf Pro username (required)--password/-p: Jamf Pro password (required)
You can also set these as environment variables to avoid typing them each time:
export JAMF_URL="https://your-jamf-instance.jamfcloud.com/"
export JAMF_USERNAME="your-username"
export JAMF_PASSWORD="your-password"Then use the tool without specifying the flags:
./jamf-extractor all
./jamf-extractor file jamf_ids.txtThe input file should contain one Jamf Pro computer ID per line:
123
456
789
The script generates a CSV report with the following columns:
- Jamf Pro ID Number
- Make
- Model
- Serial Number
- UDID
- FileVault Recovery Key Available
- FileVault Recovery Key
- Jamf Pro URL
The tool creates a comprehensive audit log file jamf_extractor.log in the current directory that includes:
Note: The log file automatically appends new sessions to existing logs, preserving the complete audit history.
- Session start/end timestamps
- Authentication attempts and results
- Computer processing details
- FileVault key retrieval status
- Error conditions and troubleshooting information
- Report generation details
This audit log is essential for:
- Compliance: Meeting regulatory requirements for data access logging
- Troubleshooting: Diagnosing issues with specific computers or API calls
- Security: Tracking who accessed what data and when
- Auditing: Reviewing tool usage and data access patterns
POST /api/v1/auth/token- Get bearer tokenGET /api/v1/auth- Check token validityPOST /api/v1/auth/keep-alive- Renew token
GET /api/v1/computers-inventory- Get list of all computers (with pagination)GET /JSSResource/computers/id/{id}- Get computer record (Classic API)GET /api/v1/computers-inventory/{id}/filevault- Get FileVault recovery key
The script handles various error conditions:
- Invalid computer IDs
- Authentication failures
- Network timeouts
- API rate limiting
- Missing FileVault keys
- Go 1.24+ - This program requires Go version 1.24 or later
- macOS ARM64 - Built and tested on Apple Silicon Macs
This project has been thoroughly checked for security vulnerabilities using Go's built-in security tools:
✅ Security Status: SECURE
- No Critical Vulnerabilities Found: All dependencies verified and secure
- Module Verification: All module checksums validated using
go mod verify - Dependency Updates: All dependencies updated to latest secure versions
- Minimal Attack Surface: Uses primarily Go's secure standard library
- Dependency Security Check: Used
go mod verifyto validate all module checksums - Vulnerability Scanning: Checked for known security issues in all dependencies
- Dependency Updates: Updated to latest secure versions:
github.com/cpuguy83/go-md2man/v2:v2.0.6→v2.0.7github.com/spf13/pflag:v1.0.9→v1.0.10gopkg.in/check.v1:v0.0.0-20161208181325-20d25e280405→v1.0.0-20201130134442-10cb98267c6c
- Minimal Dependencies: Only essential packages included
- Standard Library: Primarily uses Go's secure standard library
- Regular Updates: Dependencies kept current with latest secure versions
- Verified Modules: All modules cryptographically verified
- Audit Logging: Comprehensive logging for security monitoring and compliance
To perform security checks on this project:
# Verify module checksums
go mod verify
# Check for dependency updates
go list -m -u all
# Update dependencies to latest versions
go get -u ./...
# Rebuild with updated dependencies
go build -o jamf-extractor main.goThis Go program uses the following packages:
encoding/json- JSON parsingencoding/xml- XML parsingnet/http- HTTP clientos- File operationsstrings- String manipulation
github.com/spf13/cobrav1.10.1 - CLI framework for command structure and argument parsinggithub.com/spf13/pflagv1.0.10 - Command-line flag parsinggithub.com/cpuguy83/go-md2man/v2v2.0.7 - Markdown to man page conversiongopkg.in/check.v1v1.0.0 - Testing frameworkgopkg.in/yaml.v3v3.0.1 - YAML parsing
# Build for your current platform
go build -o jamf-extractor main.go./jamf-extractor jamf_ids.txt- Language: Converted from zsh to Go for better performance and maintainability
- Automatic Discovery: Can now get all computers directly from Jamf Pro API instead of requiring manual ID input
- Pagination: Handles large computer inventories with automatic pagination
- Professional CLI: Uses Cobra framework for professional command-line interface with subcommands
- Configuration Management: Command-line arguments instead of hardcoded values or plist files
- Audit Logging: Comprehensive logging to local file for compliance and troubleshooting
- Error Handling: More robust error handling with detailed error messages
- Progress Display: Simplified progress indicator without spinner
- Logging: Uses Go's standard logging package with dual output (file + console)
- Memory Management: More efficient memory usage for large datasets
- Help System: Built-in help system with command-specific documentation