We are looking to automate all use cases of fscrypt for our customer. One of the scenarios we need to account for is key rotation of the protector key. The commands to add and remove protector keys both require the policy ID and the protector ID. In order for us to satisfy the request for everything being automated, we would need a command to fetch these IDs. Currently our only option for a workaround would be to parse the response returned from "fscrypt status", however this isn't best practice.
We are looking to automate all use cases of fscrypt for our customer. One of the scenarios we need to account for is key rotation of the protector key. The commands to add and remove protector keys both require the policy ID and the protector ID. In order for us to satisfy the request for everything being automated, we would need a command to fetch these IDs. Currently our only option for a workaround would be to parse the response returned from "fscrypt status", however this isn't best practice.