GraphQL and password type

Hi there,
I understand GraphQL+ had an extended type called “password”. Looking at the new GraphQL documentation however I couldn’t find any information if there’s also support for encrypted strings (a password scalar).

In the Dgraph Schema Fragment there’s a “directive @secret”. Is this something that will be available in the future?

type User {
    email: String!
    password: Password! @secret

Thank you!


Hi @johannes, yes this is for the encrypted field you may want to have in the data.

Schema looks like:

type Author @secret(field: "pwd") {
	name: String! @id
	token: String

Mutation like:

mutation {
  addAuthor(input:[{name:"myname", pwd:"mypassword"}]){
    author {

Query like (GraphQL± query, I would need to find if there is a corresponding GraphQL query):

query {
  foo(func: eq(, "myname")){
    checkpwd(Author.pwd, "mypassword")

This is quite similar to what we have in GraphQL±.


Is the @secret write only on the graphql endpoint? I can write it with an add* and even patch it with an update* mutation, but I can not filter based off from it that I see. It should be a filter option but not a returnable predicate. Any ETA on this being able to use in filters? Otherwise it is pretty much worthless in a pure GraphQL only application right now.

EDIT: I would like to have it on the get* query because when supplying a password, then you should only be matching against a single user. My use case, I would need a way to make the secret field an optional field and be able to apply an auth rule based upon the password also being present. ie: If no password then the JWT must be for the user otherwise the secret field must be supplied as a variable.

No, you can also check for a password match. There is a separate query that is generated for it.
See this schema and this test to find out.