Level Verified

macOS Device Erase Script

Created by: Level
Type: Script
Category: Security
Platforms: Windows, Apple iOS, Linux

Problem Overview

When a macOS device is lost, stolen, decommissioned, or repurposed, IT professionals need a reliable way to erase sensitive data. Manually wiping a device is time-consuming and prone to human error. This script automates secure device erasure, reducing the risk of unauthorized access to corporate or personal information while ensuring compliance with security policies.

Description

This script securely wipes critical user and system data, including:

  • User & System Data Removal – Recursively deletes all user profiles, applications, and system libraries.
  • Credential & Network Erasure – Removes saved VPN credentials, Wi-Fi networks, macOS Keychain passwords, and SSH keys.
  • Browser & Application Data Wipe – Clears Chrome, Outlook, and other locally stored application data.
  • Full System Cleanup – Deletes all installed applications and system libraries, leaving the system in an unrecoverable state.

This script is highly destructive and should only be used when full data removal is necessary.

Script

#!/bin/bash

# This resource is provided as a convenience for Level users. We cannot
# guarantee it will work in all environments. Please test before deploying
# to your production environment. We welcome contributions to our community
# library.

# Level Library
# https://level.io/library/script-macos-device-erase-script


# WARNING: Dangerous operation - Recursively delete files and directories for all users
rm -rf /Users/*
rm -rf /Applications/*
rm -rf /Library/*

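# Clear Browser Data (Example for Chrome, modify for other browsers as needed)
# Note: ~ expands to the home directory of the account running this script,
# not to each user's home directory.
rm -rf ~/Library/Application\ Support/Google/Chrome/*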

# Clear Outlook Data (Modify the path if different)
rm -rf ~/Library/Application\ Support/Microsoft/Outlook/*

# Remove VPN Credentials (Example for a specific VPN client, modify as needed)
rm -f Path/To/VPN/Credentials/Store

# Remove Saved Wi-Fi Networks
# Requires administrator password
networksetup -removeallpreferredwirelessnetworks en0

# Remove macOS Keychain (Stores passwords and account information)
# WARNING: This will delete ALL saved passwords and cannot be undone
security delete-keychain login.keychain

# Remove SSH Keys (if applicable)
rm -rf ~/.ssh/*

Use Cases

  • Lost or Stolen macOS Device Protection – Erase compromised devices remotely.
  • Decommissioning Old Hardware – Securely wipe macOS devices before disposal or repurposing.
  • Security Incident Response – Quickly remove sensitive data during a security breach.
  • Regulatory Compliance – Ensure data is erased per security policies and compliance requirements.
  • Automated IT Asset Management – Integrate with Level’s automation to trigger wipes under specific conditions.

Recommendations

  • Pair with Lost/Stolen Endpoint Automation – Automate execution when a device is flagged as missing.
  • Test Before Deployment – Run in a controlled environment before use in production.
  • Use with Extreme Caution – This script is irreversible and will completely erase all user and system data.
  • Modify for Specific Needs – Customize paths for browser data, VPN credentials, or other application data if needed.
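
To support the "Test Before Deployment" recommendation, here is a read-only audit of the paths the script targets, as an added example that is not part of Level's script: it counts what is left under each target so a test run can be checked and the result recorded. The function names and the ROOT argument are assumptions of this example, and per-user paths are expanded for every home directory under ROOT/Users instead of `~`.

```shell
#!/bin/bash
# Added example, not part of the Level script: read-only audit of the erase
# script's target paths. Nothing here deletes or modifies anything.
# ROOT (first argument) is an assumption of this example: "/" on a real Mac,
# or a scratch directory tree when testing.

# Targets copied from the script above, written relative to ROOT.
SYSTEM_TARGETS="Users Applications Library"
# Per-user targets, expanded under every home directory instead of "~".
USER_TARGETS="Library/Application Support/Google/Chrome
Library/Application Support/Microsoft/Outlook
.ssh"

# count_entries DIR: print the number of direct children, hidden ones included
# (0 when DIR does not exist).
count_entries() {
    [ -d "$1" ] || { echo 0; return 0; }
    find "$1" -mindepth 1 -maxdepth 1 2>/dev/null | wc -l | tr -d ' '
}

# audit_targets ROOT: print "count<TAB>path" per target; succeed only when
# every target is empty or absent.
audit_targets() {
    local root="${1%/}" remaining=0 n t home
    for t in $SYSTEM_TARGETS; do
        n=$(count_entries "$root/$t")
        printf '%s\t%s\n' "$n" "$root/$t"
        remaining=$((remaining + n))
    done
    for home in "$root"/Users/*/; do
        [ -d "$home" ] || continue
        while IFS= read -r t; do
            n=$(count_entries "$home$t")
            printf '%s\t%s\n' "$n" "$home$t"
            remaining=$((remaining + n))
        done <<EOF
$USER_TARGETS
EOF
    done
    [ "$remaining" -eq 0 ]
}

# Run only when a ROOT is given, e.g.: ./audit.sh / > erase-audit.tsv
if [ "$#" -gt 0 ]; then
    audit_targets "$1"
fi
```

Entries whose names start with a dot are counted here although a `*` glob does not match them, so a non-zero count after a run can come from such files.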

FAQ

  • Can I recover data after running this script?
    No. This script is designed to permanently delete files, making data recovery highly unlikely.
  • Does this script format the drive?
    No, but it recursively deletes all user and system files. A full format would require diskutil eraseDisk.
  • Can this be executed remotely?
    Yes, it can be triggered remotely via Level’s automation framework.
  • What if I only want to erase specific user data but not the entire system?
    Modify the script to exclude /Applications/* and /Library/* deletions and target only user data.
  • Will this remove FileVault encryption?
    No, FileVault encryption remains intact, but all data inside the encrypted volume will be deleted.
  • Is this script compliant with security regulations like GDPR or HIPAA?
    While it securely erases data, compliance depends on your organization’s policies. For complete compliance, consider additional secure wipe methods such as diskutil secureErase.

Included with this Script:

Below is a list of what you can expect to find when importing this Script.

Script details:

The following data and settings will be imported with your script.

Script Name: macOS - Erase Device

Description: This macOS script performs a comprehensive remote device wipe, removing user data, applications, credentials, and system files to protect sensitive information when a device is lost or stolen.

Language: Bash

Timeout (In Seconds): 1200

Run As: Local system
