Skip to main content

createBotRunnerWithPassphrase

Strict / airgapped strictness only. Companion to createBotRunner. Without it, strict-mode orgs can't create runners — the standard createBotRunner mutation fails with ErrPassphraseLocked because the BotRunner.config encrypt hook has no cached KEK and strict mode forbids session-style caching.

Same mechanism as createStrategyWithPassphrase: derive an ephemeral KEK from the passphrase, inject on ctx, run the standard CreateBotRunner resolver under the scoped ctx. Cleanup zeros the KEK on return. Audit: secrets.passphrase.encrypt_with_action, resourceType="BotRunner".

createBotRunnerWithPassphrase(
input: CreateBotRunnerInput!
passphrase: String!
): BotRunner!

Arguments

createBotRunnerWithPassphrase.input ● CreateBotRunnerInput! non-null input

Same shape as CreateBotRunnerInput on the regular mutation.

createBotRunnerWithPassphrase.passphrase ● String! non-null scalar

Plaintext passphrase. Never logged. Zeroed after the operation.

Type

BotRunner object