Quick Fix: Mount Encrypted APFS Drive with AppleScript


To supplement last week’s post on automatically mounting an external drive to create a clone, here is a quick tip for doing the same thing with an encrypted APFS volume. Ideally, you should be encrypting your backups. If you’re running macOS 10.13 High Sierra, or the impending macOS Mojave, then you will be cloning your system to an APFS volume. If that’s the case, you’ll need to know how to automatically unlock an APFS volume with AppleScript.

Automatically unlock APFS volume with AppleScript

There is a little more work involved here, but none of it is difficult. The file system might be new, but diskutil is still the command line program doing all the work managing volumes. There are simply a couple more commands involved. This assumes you have already encrypted the drive with Disk Utility.

To mount, or rather unlock an encrypted APFS volume with AppleScript, we need the following information:

  • APFS volume ID
  • Cryptographic user ID
  • The encryption password

The password is the same one you used when you formatted the drive. Here is how to get the other two pieces of the puzzle.

  1. Find the APFS volume ID for your clone drive. You can see this information clearly in Disk Utility. For every volume listed there is a table of information; the device field has what you are looking for. It is some variation of disk1s1. Or if you prefer, with the drive already mounted you can run a terminal command to have the information of all your drives listed, like so:

diskutil apfs list

That command will take a moment, then print a whole lot of information to screen like below. Look for the volume you intend to clone your system to and note down the APFS Volume Disk.

You can find the APFS volume ID in a couple of places, if you know where to look
  2. Once you have the volume ID, run the following command in the terminal (replace ‘apfs_volume_id’ with your disk):

diskutil apfs listcryptousers /dev/apfs_volume_id

You will get something that looks like this:

+-- B4BA200D-B0B7-4AB2-A48C-BDE9FFA7E3BA
	Type: Disk User
	Hint: 1pw

That long alphanumeric code is the Cryptographic user. Copy that code and you have everything you need to make your AppleScript work.

  3. Create the AppleScript to automatically mount your encrypted APFS volume. The script looks like this:

do shell script "diskutil apfs unlockVolume [name_of_your_drive] -user B4BA200D-B0B7-4AB2-A48C-BDE9FFA7E3BA -passphrase [enter your passphrase here]"

Naturally, you will enter the name of your drive, and replace the user code with the one you copied above. Make sure you remove the square brackets.

  4. Find a way to launch the script when you need it. There are a bunch of options in my previous post. My preferred option is currently Keyboard Maestro, but an Automator Calendar Alarm, or Lingon X work just as well.

Congratulations, you can automatically unlock an APFS volume with AppleScript.
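Putting the passphrase in the script stores it in plain text and exposes it in the process list while diskutil runs. As an added example (not from the original post), this shell script reads the passphrase from the login Keychain and passes it to diskutil on standard input with -stdinpassphrase; the Keychain service name clone-apfs-unlock is an assumption made for the example.

```shell
#!/bin/sh
# Added example: unlock an encrypted APFS volume without putting the
# passphrase in the script or on the command line.
# Assumption: the Keychain service name below is made up for this example.
# One-time setup, typed by hand (security prompts for the passphrase):
#   security add-generic-password -s clone-apfs-unlock -a "$USER" -w
KEYCHAIN_SERVICE="clone-apfs-unlock"

# Output in the shape shown in the post, used only by the "selftest" mode.
SAMPLE_CRYPTOUSERS='+-- B4BA200D-B0B7-4AB2-A48C-BDE9FFA7E3BA
    Type: Disk User
    Hint: 1pw'

# Accept only identifiers shaped like disk1s1, so a typo or stray text
# fails early instead of reaching diskutil.
is_volume_id() {
    case $1 in *[!a-z0-9]*) return 1 ;; esac   # rejects spaces, newlines, ';'
    printf '%s\n' "$1" | grep -Eq '^disk[0-9]+s[0-9]+$'
}

# Read `diskutil apfs listcryptousers` output on stdin and print the UUID of
# the first entry whose type is "Disk User".
first_disk_user() {
    awk '$1 == "+--" { uuid = $2 }
         /Type: Disk User/ && uuid != "" { print uuid; exit }'
}

# Look up the cryptographic user, then feed the Keychain passphrase to
# diskutil on stdin so it is not passed as a command-line argument.
unlock_volume() {
    vol=$1
    is_volume_id "$vol" || { echo "not an APFS volume id: $vol" >&2; return 2; }
    user=$(diskutil apfs listcryptousers "/dev/$vol" | first_disk_user)
    [ -n "$user" ] || { echo "no Disk User found on $vol" >&2; return 3; }
    security find-generic-password -s "$KEYCHAIN_SERVICE" -a "$USER" -w |
        diskutil apfs unlockVolume "$vol" -user "$user" -stdinpassphrase
}

case "${1:-}" in
    "")       ;;                                   # no argument: do nothing
    selftest) printf '%s\n' "$SAMPLE_CRYPTOUSERS" | first_disk_user ;;
    *)        unlock_volume "$1" ;;
esac
```

Saved as an executable file, it can be called from the same one-line AppleScript, with do shell script pointing at the saved file followed by your volume ID.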

 


Automatically Mount External Drive to Clone a Mac

Simple Mac Automator Example

I know some people find automation daunting. Fortunately, some of the most effective Mac automations are simple enough to get anybody started. The native macOS Automator app alone can save you from boring and repetitive tasks. Better still, Mac automation can save you from having to remember those tasks. A good example of a simple automation is how to automatically mount an external drive to create a bootable clone for backup.

Backup Strategies for macOS

The past 18 months we’ve had some hardware failures that took me from feeling over-prepared to being relieved I have this all set up. A solid backup and recovery scheme is table stakes for most nerds, but in my experience the same can’t be said of academics. To say nothing of the way most students wing it with their data. I’ve lost count of the horror stories I’m privy to. Undergrads losing devices, or having them pinched. Graduate students having to ask supervisors for a copy of their own thesis, or recompile dissertations from draft fragments. My backup strategy looks like this:

  1. Regular Time Machine backups to an external drive on my Synology rt2600ac router. Setting up Time Machine to back up wirelessly is an overlooked example of Mac automation.
  2. Continuous offsite backup of everything to Backblaze. For US$5 a month, I have almost 6 terabytes of files backed up.
  3. An automated, bootable clone of my entire system updated every night using SuperDuper!

If you have a solid backup strategy, regularly creating bootable clones of your whole system drive is no doubt part of it. If it isn’t, it should be.

Automatically Mounting an External Hard Drive

One of the problems with automating the creation of a bootable clone is the drive must be mounted. That might seem like I’m stating the bleeding obvious, or overlooking an obvious solution, but keeping a clone of your system mounted at all times can create all kinds of problems. Once the drive is indexed, you can have issues with document conflicts, messed up caching, and all manner of application weirdness. It doesn’t take much to launch the wrong version of an app, then you’re in a world of hurt.

The answer, of course, is to automatically mount the drive before backup, and eject it afterwards. But how to do that? Ejecting the drive is the easy part. Any decent backup or cloning app will have this functionality. This includes apps like Chronosync, Carbon Copy Cloner, or if you’re a Setapp user, Backup Pro. My favourite drive cloning software for Mac is SuperDuper! for its elegant simplicity. Using SuperDuper! to automatically eject the drive looks like this:

Any decent macOS backup utility will have the ability to automatically eject an external drive after creating a bootable clone

But, we are putting the cart in front of the horse. The question remains, how to automatically mount the drive. Thankfully, that is also simple. We can use a single command in AppleScript.

One Line AppleScript to Automatically Mount External Drive

A simple one line AppleScript to make a Mac automatically mount an external drive looks like this:

do shell script "diskutil mount clone"

To make it work you either name your drive ‘clone’, or edit the script where it says ‘clone’ to use the name of the target volume. All that’s left is how to trigger the script. The more you start to peel back the layers on Mac automation, the more you realise how many different options there are. Here are three ways to run the above AppleScript, and automate the mounting of an external drive.

Automatically Mount External Drive with Automator Calendar Alarm

 

The first option is to use Automator, the native Mac app. Automator can utilise the Mac Calendar app to trigger simple macOS automations with an alarm. Here's how to set up an Automator Calendar Alarm.

  1. Open Automator from your applications
  2. Choose Calendar Alarm
  3. Search the actions on the left for ‘Run AppleScript’ and drag that action across to the workflow editor on the right — or double click
  4. Clear the window and paste our single line of AppleScript into the ‘Run AppleScript’ window. Here is that line of code again:

do shell script "diskutil mount clone"

Simple macOS automation using one line of AppleScript

  5. Click on the little hammer icon to compile the script, then save the workflow and give it a name.
  6. As soon as you save the workflow it will open the calendar app with a new entry. All you need to do is move it, and schedule it like you would any other event.

Automator can trigger an alarm in the native Calendar App to automatically mount an external drive

  7. You’re done, have yourself a Pixie Caramel

There is a more convoluted way to do this from the calendar itself, but the result is the same. I recommend building the workflow yourself, simple as it is. But if you’d rather, you can download a copy here.

Automatically Mount External Drive with Keyboard Maestro

I would be happy using the Automator workflow above if I didn’t already use Keyboard Maestro. Setting up Keyboard Maestro to trigger the script is easier still. It’s not the kind of thing I suggest you purchase the app for, but the kind of simple use case it is often overlooked for.

 

Keyboard Maestro Macro

Automate AppleScript Launch with Lingon X

Another option is to use Lingon X, a powerful automation utility that can launch practically anything. Lingon X is ideal for a job like this. To use Lingon you need to save the script itself first.

  1. Launch the native Mac Script Editor from Utilities
  2. Paste the AppleScript into the editor: do shell script "diskutil mount clone"
  3. Compile with the little hammer
  4. Save the script
  5. Schedule a new job in Lingon X to run the script before your clone is set to run.
Lingon X is a powerful utility for creating simple macOS automation

There is also an App Store version for Lingon available.

Choosing an External Hard Drive for Bootable Clone

The last word on this is double-edged. You should of course try to be savvy about the external hard drives you buy, but this workflow wouldn’t exist if you could be certain you’ll never buy a lemon. I mentioned in my post on replacing the Apple Airport Extreme that Backblaze keep excellent drive statistics. Understandably, it doesn’t include the kind of portable external hard drives you will likely use for this kind of automated clone backup. I feel well covered with my setup, but I know plenty of people who like to rotate the drives and keep one offsite. Either way, I have always found Seagate Expansion drives to be fast, and reliable. Connected to a Hub, and stashed under the desk to avoid more clutter.

 

The Laptop Locator You Probably Didn’t Know About Could Save You | Backblaze

The Laptop Locator You Probably Didn't Know About Could Save You – Something I haven’t spent enough time on here is the other kind of security, backups. If you’ve never needed anything from a backup you might not fully grok their value, let alone the peace of mind. It only takes one failure. Given the realtime backup capabilities of Backblaze, anything else is a bonus. But as far as bonus features go, you would be hard pressed to find a better one than the Backblaze Locate my Computer feature. This post from their blog highlights a few of the success stories. Where Find my Mac failed, Backblaze was still able to help. 1

While we kept hearing praise and thanks from our customers who were able to recover their data and find their computers, a little while passed before we would hear a story that was as incredible as the ones above. In July of 2016, we received an email from Una who told us one of the most amazing stories of perseverance that we’d ever heard. With the help of Backblaze and a sympathetic constable in Australia, Una tracked her stolen computer’s journey across 6 countries. She got her computer back and we wrote up the whole story: How Una Found Her Stolen Laptop.

Backblaze offers a 15-day free trial, then unlimited backup storage for US$5 per month.

  1. The location map is also encrypted with your private key, so there are no privacy issues either.