PassphraseSessionStatus
PassphraseSessionStatus reports whether the caller has a cached Argon2id-derived KEK for an organization, when it expires, and the org's current strictness mode (which dictates the TTL).
type PassphraseSessionStatus {
unlocked: Boolean!
expiresAt: Time
strictness: String!
encryptionInUse: Boolean!
}
Fields
PassphraseSessionStatus.unlocked ● Boolean! non-null scalar
Whether a usable KEK is currently cached for the calling user + org.
PassphraseSessionStatus.expiresAt ● Time scalar
When the cached KEK expires. Null when not unlocked or no expiry.
PassphraseSessionStatus.strictness ● String! non-null scalar
The org's current strictness mode (convenience | standard | strict | airgapped).
PassphraseSessionStatus.encryptionInUse ● Boolean! non-null scalar
Whether this org actually uses encryption (trust-policy opt-in OR an org-KW exists). False for pure convenience orgs — the dashboard hides passphrase/lock affordances entirely.
Returned By
lockPassphraseSession mutation ● passphraseSessionStatus query ● unlockPassphraseSession mutation