updateBotConfigWithPassphrase
Strict / airgapped strictness only. Re-encrypts the supplied secure_config (passphrase-leaf paths only) under a freshly-derived KEK and persists it. Same strictness gating as decryptBotConfigOnce.
Audit event: secrets.passphrase.encrypt_with_action.
updateBotConfigWithPassphrase(
botID: ID!
secureConfig: Map!
passphrase: String!
): Bot!
Arguments
updateBotConfigWithPassphrase.botID ● ID! non-null scalar
Bot ID to update.
updateBotConfigWithPassphrase.secureConfig ● Map! non-null scalar
New plaintext secure_config map. The peraction-managed paths (api_server.username/password/jwt_secret_key) are encrypted in-process; other paths are passed through unchanged.
updateBotConfigWithPassphrase.passphrase ● String! non-null scalar
Plaintext passphrase. Never logged. Zeroed after the operation.