updateBotRunnerConfigWithPassphrase
Strict / airgapped strictness only. Re-encrypts the supplied config (passphrase-leaf paths only) under a freshly-derived KEK and persists it.
Audit event: secrets.passphrase.encrypt_with_action.
updateBotRunnerConfigWithPassphrase(
runnerID: ID!
config: Map!
passphrase: String!
): BotRunner!
Arguments
updateBotRunnerConfigWithPassphrase.runnerID ● ID! non-null scalar
BotRunner ID to update.
updateBotRunnerConfigWithPassphrase.config ● Map! non-null scalar
New plaintext config map.
updateBotRunnerConfigWithPassphrase.passphrase ● String! non-null scalar
Plaintext passphrase. Never logged. Zeroed after the operation.