Cauliflower Vest: FileVault 2 management for enterprise

Google’s MacOps team has released a new open source toolset for managing FileVault 2 for the enterprise: Cauliflower Vest.

Cauliflower Vest offers the ability to:

  • Forcefully enable FileVault 2 encryption.
  • Automatically escrow recovery keys to a secure Google App Engine server.
  • Delegate secure access to recovery keys so that volumes may be unlocked or reverted.

4 thoughts on “Cauliflower Vest: FileVault 2 management for enterprise”

  1. Hi Greg. I saw some of your comments on the cauliflower-vest group. I started a script for storing the key in AD. Not sure if you are still interested but I thought I would let you know. You can head to my website and see what I have so far. I have more work to do but it does work.


    1. We don’t use AD, so this specific solution doesn’t work for me. What happens if a machine has multiple boot drives, each encrypted with FV2?

      1. The script works with AD or OD. I haven’t tried it with multiple drives so YMMV. I am mostly using it to streamline the imaging process. It also doesn’t take into account dual directory auth.

  2. Tim Votaw says:

    Hello Greg,

    It’s been a few years since I last talked to you while at Disney. When you get a moment I would like to pick your brain on how you were able to bypass using the Google App Engine. You can reach me at

    Hope all is well.

    Kindest Regards,
    Tim Votaw
