Category filter

Script to check encryption status on Mac

Verifying and enabling FileVault encryption on workplace macOS devices is crucial to keep sensitive devices from being compromised. However, it is a lengthy process to manage FileVault on the system from the System Preferences manually. A more efficient solution is needed to manage FileVault on multiple devices. You can run the following script with the Mac Terminal app to check the FileVault encryption status on macOS devices.

Device admins can remotely run scripts on Macs managed with Hexnode using the Execute Custom Script action.

Scripting language – Bash

File extension – .sh


The sample scripts provided below are adapted from third-party open-source sites.

Check encryption status

The fdesetup command can be used to obtain the current status of macOS FileVault.

Sample output:

Fetch FileVault encryption status on Mac

Check encryption/decryption progress

The scripts show the progress when the device is being encrypted or decrypted:

For macOS 10.11 and 10.12:

The script below helps you keep track of the encryption/decryption occurring on the device.

The diskutil command is used as a tool for managing disks or partitions on macOS devices. This command helps users in performing tasks such as viewing, creating, unmounting, resizing, formatting, and repairing disks.

grep tool is used for locating a string within a file.

Sample output:

Get FileVault conversion progress for macOS 10.11 and 10.12

For macOS 10.13 and later:

  1. The script below helps you keep track of the encryption occurring on the device.
  2. From macOS 10.13, Apple has introduced a new default file system called APFS (Apple File System).

    Sample output:

    Get FileVault encryption progress for macOS 10.13 and later.
  3. The script below helps you keep track of the decryption occurring on the device.
  4. Sample output:

    Get FileVault decryption progress for macOS 10.13 and later.

  • The above scripts will only work on devices undergoing either encryption or decryption.
  • The FileVault completion progress cannot be tracked via scripts on macOS devices with Apple Silicon chip.


  • It is recommended to manually validate the script execution on a system before executing the action in bulk.
  • Hexnode will not be responsible for any damage/loss to the system on the behaviour of the script.

  • Sample Script Repository