Skip to main content

PassphraseSessionStatus

PassphraseSessionStatus reports whether the caller has a cached Argon2id-derived KEK for an organization, when it expires, and the org's current strictness mode (which dictates the TTL).

type PassphraseSessionStatus {
unlocked: Boolean!
expiresAt: Time
strictness: String!
encryptionInUse: Boolean!
}

Fields

PassphraseSessionStatus.unlocked ● Boolean! non-null scalar

Whether a usable KEK is currently cached for the calling user + org.

PassphraseSessionStatus.expiresAt ● Time scalar

When the cached KEK expires. Null when not unlocked or no expiry.

PassphraseSessionStatus.strictness ● String! non-null scalar

The org's current strictness mode (convenience | standard | strict | airgapped).

PassphraseSessionStatus.encryptionInUse ● Boolean! non-null scalar

Whether this org actually uses encryption (trust-policy opt-in OR an org-KW exists). False for pure convenience orgs — the dashboard hides passphrase/lock affordances entirely.

Returned By

lockPassphraseSession mutation ● passphraseSessionStatus query ● unlockPassphraseSession mutation