setOrgPassphrase
Installs the organization's first passphrase. Hashes via Argon2id and stores only the verifier — the passphrase itself is never persisted. Emits a passphrase_set SecurityAuditEvent. Returns true on success, error if a passphrase already exists (use changeOrgPassphrase, coming in a follow-up, to rotate). Requires manage-trust-policy because installing the passphrase changes the org's encryption posture.
setOrgPassphrase(
orgID: String!
passphrase: String!
): Boolean!
Arguments
setOrgPassphrase.orgID ● String! non-null scalar
Keycloak organization alias.
setOrgPassphrase.passphrase ● String! non-null scalar
Plain-text passphrase — minimum 12 characters enforced server-side. Never logged.
Type
Boolean scalar
The Boolean scalar type represents true or false.