seal

user.security.seal

Evicts the caller’s master key from the server’s in-memory KMS cache. After sealing, any further encrypted operation (document/file read or write) will fail until the user calls unseal again.

Use this when the user logs out or switches context, or after a period of inactivity: the JWT session can live longer than the unseal cache.

Auth

Bearer JWT required.

GraphQL

mutation {
  user {
    security {
      seal
    }
  }
}

Returns true if a master key was cached and has now been evicted, false if no key was cached to begin with.

curl

curl -X POST https://api.test.geena.eu/graphql \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"query":"mutation { user { security { seal } } }"}'

Response

{ "data": { "user": { "security": { "seal": true } } } }
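
Client-side handling

The following is an added example, not part of the API or its official client: a Python wrapper that sends the seal mutation on logout and treats both true and false as "no key cached", while any unconfirmed result is reported as a failure. The function names, the injectable post transport, and the handling of a standard GraphQL errors array are assumptions.

```python
import json
import urllib.request

GRAPHQL_URL = "https://api.test.geena.eu/graphql"  # endpoint from the curl example
SEAL_MUTATION = "mutation { user { security { seal } } }"


class SealError(Exception):
    """Seal was not confirmed: assume the master key may still be cached."""


def http_post(url, headers, body):
    """Default transport; swap in a fake for offline tests."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read()


def parse_seal_response(raw):
    """Return the boolean seal result, or raise SealError on anything else."""
    try:
        doc = json.loads(raw)
        if doc.get("errors"):  # assumption: standard GraphQL "errors" array
            raise SealError("GraphQL errors returned")
        value = doc["data"]["user"]["security"]["seal"]
    except (ValueError, KeyError, TypeError, AttributeError) as exc:
        raise SealError("unexpected response shape") from exc
    if not isinstance(value, bool):
        raise SealError("seal is not a boolean")
    return value


def seal(token, post=http_post):
    """Send the seal mutation with the caller's bearer JWT."""
    headers = {"Authorization": f"Bearer {token}",
               "Content-Type": "application/json"}
    body = json.dumps({"query": SEAL_MUTATION}).encode()
    return parse_seal_response(post(GRAPHQL_URL, headers, body))


def seal_on_logout(token, post=http_post):
    """True and False both mean no key is cached; only errors leave it unknown."""
    try:
        return {"key_cleared": True, "was_cached": seal(token, post)}
    except (SealError, OSError) as exc:  # OSError covers urllib network failures
        return {"key_cleared": False, "reason": str(exc)}
```

Call seal_on_logout before discarding the JWT locally, since the mutation needs the bearer token; if key_cleared is False, retry or surface the failure rather than assuming the key is gone.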