Skip to main content

createBotWithPassphrase

Strict / airgapped strictness only. Companion to createBot. Without it, strict-mode orgs can't create bots — the standard createBot mutation fails with ErrPassphraseLocked because Bot's secure_config encrypt hook has no cached KEK and strict mode forbids session-style caching.

Same mechanism as createBotRunnerWithPassphrase: derive an ephemeral KEK from the passphrase, inject on ctx, run the standard CreateBot resolver under the scoped ctx. Cleanup zeros the KEK on return. Audit: secrets.passphrase.encrypt_with_action, resourceType="Bot".

createBotWithPassphrase(
input: CreateBotInput!
passphrase: String!
): Bot!

Arguments

createBotWithPassphrase.input ● CreateBotInput! non-null input

Same shape as CreateBotInput on the regular mutation.

createBotWithPassphrase.passphrase ● String! non-null scalar

Plaintext passphrase. Never logged. Zeroed after the operation.

Type

Bot object