Skip to main content

updateBotConfigWithPassphrase

Strict / airgapped strictness only. Re-encrypts the supplied secure_config (passphrase-leaf paths only) under a freshly-derived KEK and persists it. Same strictness gating as decryptBotConfigOnce.

Audit event: secrets.passphrase.encrypt_with_action.

updateBotConfigWithPassphrase(
botID: ID!
secureConfig: Map!
passphrase: String!
): Bot!

Arguments

updateBotConfigWithPassphrase.botID ● ID! non-null scalar

Bot ID to update.

updateBotConfigWithPassphrase.secureConfig ● Map! non-null scalar

New plaintext secure_config map. The peraction-managed paths (api_server.username/password/jwt_secret_key) are encrypted in-process; other paths are passed through unchanged.

updateBotConfigWithPassphrase.passphrase ● String! non-null scalar

Plaintext passphrase. Never logged. Zeroed after the operation.

Type

Bot object