Mount encrypted SSD with a terminal command

MBP M1Pro/Monterey 15.3.1

  • I have an encrypted APFS SSD named mySSD that is attached but not mounted
  • my passphrase is xyz
  • I want to mount mySSD with a terminal command
  • The following command works:

diskutil apfs unlockVolume disk5s1 -passphrase xyz

  • However, after rebooting, mySSD is not always disk5s1 (it may be disk9s1 or disk7s1, etc)

  • Is there a way for me to replace disk5s1 in the above terminal command with something that is constant like volume name or UUID or anything else?

  • My end point is to use this in keyboard maestro

  • I am a beginner level (ie dangerous) user of the terminal

I don’t have an encrypted drive to test but the diskutil mount command still works so

diskutil mount mySSD

may take care of that part.

1 Like

Thanks for the suggestion but that doesn’t seem to work for an encrypted APFS SSD. the terminal shows an error then the following explanation: This is an encrypted and locked APFS Volume; use “diskutil apfs unlockVolume”

1 Like

diskutil apfs unlockVolume will create a new virtual /dev/diskX volume that you can mount with disktuil mount. The new virtual volume will show with the “synthesized” tag in diskutil list.

Please bear with me because of this:

diskutil list:

diskutil mount disk9s1

This works:
diskutil apfs unlockVolume disk9s1 -passphrase xyz

But, is there some method to replace disk9s1 with the APFS volume name (in this case “Arq 4TB”) or a UUID, or is disk9s1 required?

I hope I am clear. Thank you.

You could use a shell script to run diskutil list, grep the disk name and extract the last column (the device file), then pass that info to diskutil apsf unlockVolume.

Makes for a fun Sunday Afternoon in Stackoverflow learning shell scripting.

Edit: also, not being pedantic, I’m away fro. The computer.

1 Like

And, it’s good for the brain, correct? :grinning:
Guess I’m gonna learn grepping, extracting, and passing. :drooling_face:
Thank you.

Some ideas for a quick and dirty script file, sure others can make it more robust:

#!/usr/bin/env zsh
DEVICE=`diskutil list | grep "Arq 4TB" | cut -c 71-`
echo diskutil apfs unlockVolume $DEVICE -passphrase xyz

Just remove the ‘echo’ if everything seems ok to run the proper command.

As you are a dangerous terminal user, I would suggest to first try the stuff (i.e. creating and debugging the script file, giving it execution permissions and so on) in the terminal before attempting to run it from Keyboard Maestro.


Thanks for sending this. I appreciate you taking your time to do this. I tested in terminal using the SSD “myClone”.

This works to show the last column for the entire file:

diskutil list | cut -c 71-

When I run this nothing is returned:

diskutil list | grep “myClone” | cut -c 71-

However, while researching this stuff I found a method to use a Volume/Partition UUID. I used the following to get the Volume/Partition UUID:

diskutil apfs list

I used the Volume/Partition UUID in the following:

diskutil apfs unlockVolume xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx5932 -passphrase xyz 

(Note: may need to scroll horizontally to see the entire script, above)

The volume/partition UUID (blue) remains constant whereas the APFS Volume disk (red) may (or may not change) after reboots.

I can now run this script in Keyboard Maestro and it should always mount the proper disk.

Again, my thanks to @pantulis, @laconic, and @WayneG for your help.