@Jeffrey Tucker
Thank you for posting in Microsoft Q&A forum.
The recovery key is encrypted in SCCM database, there is no direct query we can use for this.
Have you reviewed below article to try to decrypt it:
https://geekdudes.wordpress.com/2020/03/25/sccm-get-decrypt-bitlocker-recovery-keys-from-the-configmgr-database/
On the other hand, we may try to set up BitLocker portals and use BitLocker administration and monitoring website, the BitLocker administration and monitoring website is an administrative interface for BitLocker Drive Encryption. It's also referred to as the help desk portal. Use this website to review reports, recover users' drives, and manage device TPMs.
For the details:
https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/bitlocker/setup-websites
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.