The payload that configures FileVault recovery key escrow.
| Setting | Type | Required | Default | Manual Install | Supported OS |
|---|---|---|---|---|---|
| `Location`: The description of the location where the system escrows the recovery key. The system inserts this text into the message the user sees when it enables FileVault. | string | required | — | ✓ Yes | macOS (10.13+) |
| `EncryptCertPayloadUUID`: The UUID of a payload within the same profile that contains the certificate that the system uses to encrypt the recovery key. The referenced payload must be of type `com.apple.security.pkcs1`. | string | required | — | ✓ Yes | macOS (10.13+) |
| `DeviceKey`: The string that's included in help text if the user appears to have forgotten the password. Site admins can use this key to look up the escrowed key for the particular computer. This key replaces the `RecordNumber` key used in the previous escrow mechanism. If the key is missing, the system uses the device serial number instead. | string | optional | — | ✓ Yes | macOS (10.13+) |
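
The following pre-deployment check is an added example, not Apple's code: it parses a profile and verifies the constraints in the table above, in particular that `EncryptCertPayloadUUID` resolves to a `com.apple.security.pkcs1` payload in the same profile. The escrow payload type identifier `com.apple.security.FDERecoveryKeyEscrow` and the generic profile keys `PayloadContent`, `PayloadType` and `PayloadUUID` do not appear on this page and are assumed from the general configuration profile format; all sample values are constructed.

```python
import plistlib

ESCROW_TYPE = "com.apple.security.FDERecoveryKeyEscrow"  # assumed type of this payload
CERT_TYPE = "com.apple.security.pkcs1"  # type the referenced payload must have


def check_escrow_profile(profile_bytes):
    """Return a list of problems with the escrow payloads in a profile plist."""
    payloads = plistlib.loads(profile_bytes).get("PayloadContent", [])
    by_uuid = {p["PayloadUUID"]: p for p in payloads if "PayloadUUID" in p}
    escrows = [p for p in payloads if p.get("PayloadType") == ESCROW_TYPE]
    problems = [] if escrows else ["profile has no escrow payload"]
    for p in escrows:
        for key in ("Location", "EncryptCertPayloadUUID"):
            if not isinstance(p.get(key), str) or not p[key].strip():
                problems.append(f"{key}: required string is missing or empty")
        ref = p.get("EncryptCertPayloadUUID")
        if isinstance(ref, str) and ref.strip():
            target = by_uuid.get(ref)
            if target is None:
                problems.append("EncryptCertPayloadUUID: no payload with this UUID in the profile")
            elif target.get("PayloadType") != CERT_TYPE:
                problems.append(f"EncryptCertPayloadUUID: referenced payload is not {CERT_TYPE}")
        if "DeviceKey" in p and not isinstance(p["DeviceKey"], str):
            problems.append("DeviceKey: must be a string")
        if "RecordNumber" in p:  # key from the previous escrow mechanism
            problems.append("RecordNumber: replaced by DeviceKey")
    return problems


def sample_profile(cert_type=CERT_TYPE, cert_uuid="11111111-1111-4111-8111-111111111111"):
    """Constructed sample profile; UUIDs, text and certificate bytes are placeholders."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadContent": [
            {"PayloadType": cert_type, "PayloadUUID": cert_uuid,
             "PayloadContent": b"placeholder, not a real certificate"},
            {"PayloadType": ESCROW_TYPE,
             "PayloadUUID": "22222222-2222-4222-8222-222222222222",
             "Location": "Example Corp IT help desk",
             "EncryptCertPayloadUUID": "11111111-1111-4111-8111-111111111111",
             "DeviceKey": "ASSET-0001"},
        ],
    })


if __name__ == "__main__":
    for label, data in [("valid", sample_profile()),
                        ("wrong cert type", sample_profile(cert_type="com.apple.security.pkcs12")),
                        ("dangling reference", sample_profile(cert_uuid="33333333-3333-4333-8333-333333333333"))]:
        print(label, "->", check_escrow_profile(data) or "ok")
```

A missing `DeviceKey` is not reported, because the system then uses the device serial number instead.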