diff --git a/src/applications/passphrase/conduit/PassphraseQueryConduitAPIMethod.php b/src/applications/passphrase/conduit/PassphraseQueryConduitAPIMethod.php
--- a/src/applications/passphrase/conduit/PassphraseQueryConduitAPIMethod.php
+++ b/src/applications/passphrase/conduit/PassphraseQueryConduitAPIMethod.php
@@ -11,13 +11,17 @@
     return pht('Query credentials.');
   }
 
+  public function newQueryObject() {
+    return new PassphraseCredentialQuery();
+  }
+
   protected function defineParamTypes() {
     return array(
-      'ids'           => 'optional list<int>',
-      'phids'         => 'optional list<phid>',
-      'needSecrets'   => 'optional bool',
-      'needPublicKeys'   => 'optional bool',
-    ) + $this->getPagerParamTypes();
+      'ids' => 'optional list<int>',
+      'phids' => 'optional list<phid>',
+      'needSecrets' => 'optional bool',
+      'needPublicKeys' => 'optional bool',
+    );
   }
 
   protected function defineReturnType() {
@@ -25,8 +29,7 @@
   }
 
   protected function execute(ConduitAPIRequest $request) {
-    $query = id(new PassphraseCredentialQuery())
-      ->setViewer($request->getUser());
+    $query = $this->newQueryForRequest($request);
 
     if ($request->getValue('ids')) {
       $query->withIDs($request->getValue('ids'));
@@ -58,14 +61,22 @@
           $credential);
       }
 
+      $material = array();
+
       $secret = null;
       if ($request->getValue('needSecrets')) {
         if ($credential->getAllowConduit()) {
-          $secret = $credential->getSecret()->openEnvelope();
+          $secret = $credential->getSecret();
+          if ($secret) {
+            $secret = $secret->openEnvelope();
+          } else {
+            $material['destroyed'] = pht(
+              'The private material for this credential has been '.
+              'destroyed.');
+          }
         }
       }
 
-      $material = array();
       switch ($credential->getCredentialType()) {
         case PassphraseCredentialTypeSSHPrivateKeyFile::CREDENTIAL_TYPE:
           if ($secret) {
@@ -93,8 +104,8 @@
 
       if (!$credential->getAllowConduit()) {
         $material['noAPIAccess'] = pht(
-          'This credential\'s private material '.
-          'is not accessible via API calls.');
+          'This private material for this credential is not accessible via '.
+          'API calls.');
       }
 
       $results[$credential->getPHID()] = array(
@@ -102,6 +113,7 @@
         'phid' => $credential->getPHID(),
         'type' => $credential->getCredentialType(),
         'name' => $credential->getName(),
+        'description' => $credential->getDescription(),
         'uri' =>
           PhabricatorEnv::getProductionURI('/'.$credential->getMonogram()),
         'monogram' => $credential->getMonogram(),