Skip to content
This repository has been archived by the owner on Sep 16, 2021. It is now read-only.
/ cauliflowervest Public archive

App Engine-based escrow solution for enterprise management of disk encryption technologies for OS X (FileVault 2), Windows (BitLocker), and Linux (LUKS).

License

Notifications You must be signed in to change notification settings

google/cauliflowervest

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

ci

Overview

**Note: Cauliflower Vest is being Archived

On April 15, 2021, Cauliflower Vest will be archived. Cauliflower Vest has not had active development in quite some time, so we think it’s time for the repository to reflect that state. The code will remain available, but the GitHub project will be archived and our developers will no longer be maintaining or updating this project. You can, of course, continue to fork from this project and develop your own tools.

Let us know at [email protected] if you have any questions or concerns.

Thank you, Cauliflower Vest Eng Team

Note: OAUTH_CLIENT_ID moved from src/cauliflowervest/client/settings.py to cauliflowervest/settings.py

Cauliflower Vest is a recovery key escrow solution. The project initially started with end-to-end Mac OS X FileVault 2 support, and later added support for BitLocker (Windows), LUKS (Linux), Duplicity, and Firmware/BIOS passwords (Mac & Linux). The goal of this project is to streamline cross-platform enterprise management of disk encryption technologies.

Cauliflower Vest offers the ability to:

  • Forcefully enable FileVault 2 encryption.
  • Automatically escrow recovery keys to a secure Google App Engine server.
  • Delegate secure access to recovery keys so that volumes may be unlocked or reverted.
  • Sync BitLocker recovery keys from Active Directory.

Components:

  • A Google App Engine based service which receives and securely escrows recovery keys.

  • A GUI client running on the OS X user machines, which enables FileVault 2 encryption, obtains the recovery key, and sends it to the escrow service.

  • A CLI tool which runs on Linux, for use with LUKS and Duplicity.

  • A script to sync BitLocker recovery keys from Active Directory.

Getting Started

Full source is available for all components.

To get started, begin with the Introduction wiki page.

Warning

Upon releasing the update to App Engine, start the schema update (/ui/#/admin/) otherwise search and key retrieval will break. Progress can be monitored in App Engine logs. Logs will contain

UpdateSchema complete for VOLUME_TYPE with N updates!

for each volume type after successful migration.

Contact

Please search, join, and/or email the discussion list with questions at [email protected]. To reach only engineers on the project, email [email protected].

Thanks to Dorothy Marczak for the logo.

About

App Engine-based escrow solution for enterprise management of disk encryption technologies for OS X (FileVault 2), Windows (BitLocker), and Linux (LUKS).

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Packages

No packages published