updateExchangeConfigWithPassphrase
Strict / airgapped strictness only. Re-encrypts the supplied config (passphrase-leaf paths only) under a freshly-derived KEK and persists it. Same strictness gating as decryptExchangeConfigOnce.
Audit event: secrets.passphrase.encrypt_with_action.
updateExchangeConfigWithPassphrase(
exchangeID: ID!
config: Map!
passphrase: String!
): Exchange!
Arguments
updateExchangeConfigWithPassphrase.exchangeID ● ID! non-null scalar
Exchange ID to update.
updateExchangeConfigWithPassphrase.config ● Map! non-null scalar
New plaintext config map. The peraction-managed paths are encrypted in-process; other paths pass through unchanged.
updateExchangeConfigWithPassphrase.passphrase ● String! non-null scalar
Plaintext passphrase. Never logged. Zeroed after the operation.