updateStrategyWithPassphrase
Strict / airgapped strictness only. Full-field strict-mode save — supersedes updateStrategyCodeWithPassphrase, which only handled the code column and silently dropped UI Builder / Freqtrade config / name / description changes.
Mechanism mirrors createStrategyWithPassphrase: derive an ephemeral KEK from the supplied passphrase, inject it on ctx via peraction.WithEphemeralKEK, then call the standard UpdateStrategy resolver under the scoped ctx. The existing encrypt hooks on code, config, ui_builder_config, and analysis pick up the KEK and produce passphrase-v1 envelopes on every encrypted column; the in-place fields (name, description, builderMode, etc.) round-trip unchanged. The cache is zeroed and detached on Save return.
Audit event: secrets.passphrase.encrypt_with_action keyed on resourceType="Strategy" + resourceID=<strategyID>.
updateStrategyWithPassphrase(
strategyID: ID!
input: UpdateStrategyInput!
passphrase: String!
): Strategy!
Arguments
updateStrategyWithPassphrase.strategyID ● ID! non-null scalar
Strategy ID to update.
updateStrategyWithPassphrase.input ● UpdateStrategyInput! non-null input
Same shape as UpdateStrategyInput on the regular mutation.
updateStrategyWithPassphrase.passphrase ● String! non-null scalar
Plaintext passphrase. Never logged. Zeroed after the operation.