kuzzle 2.19.2 → 2.19.3

package/lib/kuzzle/kuzzle.js

@@ -80,20 +80,20 @@ const package_json_1 = require("../../package.json");
 const name_generator_1 = require("../util/name-generator");
 const openapi_1 = require("../api/openapi");
 const crypto_1 = require("../util/crypto");
-exports.BACKEND_IMPORT_KEY = 'backend:init:import';
+exports.BACKEND_IMPORT_KEY = "backend:init:import";
 let _kuzzle = null;
-Reflect.defineProperty(global, 'kuzzle', {
+Reflect.defineProperty(global, "kuzzle", {
     configurable: true,
     enumerable: false,
     get() {
         if (_kuzzle === null) {
-            throw new Error('Kuzzle instance not found. Did you try to use a live-only feature before starting your application?');
+            throw new Error("Kuzzle instance not found. Did you try to use a live-only feature before starting your application?");
         }
         return _kuzzle;
     },
     set(value) {
         if (_kuzzle !== null) {
-            throw new Error('Cannot build a Kuzzle instance: another one already exists');
+            throw new Error("Cannot build a Kuzzle instance: another one already exists");
         }
         _kuzzle = value;
     },
@@ -106,7 +106,7 @@ class Kuzzle extends kuzzleEventEmitter_1.default {
         this._state = kuzzleStateEnum_1.default.STARTING;
         this.config = config;
         this.log = new log_1.default();
-        this.rootPath = path_1.default.resolve(path_1.default.join(__dirname, '../..'));
+        this.rootPath = path_1.default.resolve(path_1.default.join(__dirname, "../.."));
         this.internalIndex = new internalIndexHandler_1.default();
         this.pluginsManager = new pluginsManager_1.default();
         this.tokenManager = new tokenManager_1.TokenManager();
@@ -139,18 +139,18 @@ class Kuzzle extends kuzzleEventEmitter_1.default {
         this.registerSignalHandlers();
         try {
             this.log.info(`[ℹ] Starting Kuzzle ${this.version} ...`);
-            await this.pipe('kuzzle:state:start');
+            await this.pipe("kuzzle:state:start");
             // Koncorde realtime engine
             this.koncorde = new koncorde_1.Koncorde({
                 maxConditions: this.config.limits.subscriptionConditionsCount,
-                regExpEngine: this.config.realtime.pcreSupport ? 'js' : 're2',
-                seed: this.config.internal.hash.seed
+                regExpEngine: this.config.realtime.pcreSupport ? "js" : "re2",
+                seed: this.config.internal.hash.seed,
             });
-            await (new cacheEngine_1.default()).init();
-            await (new storageEngine_1.default()).init();
-            await (new realtime_1.default()).init();
+            await new cacheEngine_1.default().init();
+            await new storageEngine_1.default().init();
+            await new realtime_1.default().init();
             await this.internalIndex.init();
-            await (new security_1.default()).init();
+            await new security_1.default().init();
             // This will init the cluster module if enabled
             this.id = await this.initKuzzleNode();
             // Secret used to generate JWTs
@@ -166,24 +166,24 @@ class Kuzzle extends kuzzleEventEmitter_1.default {
             await this.entryPoint.init();
             this.pluginsManager.application = application;
             await this.pluginsManager.init(options.plugins);
-            this.log.info(`[✔] Successfully loaded ${this.pluginsManager.loadedPlugins.length} plugins: ${this.pluginsManager.loadedPlugins.join(', ')}`);
+            this.log.info(`[✔] Successfully loaded ${this.pluginsManager.loadedPlugins.length} plugins: ${this.pluginsManager.loadedPlugins.join(", ")}`);
             // Authentification plugins must be loaded before users import to avoid
             // credentials related error which would prevent Kuzzle from starting
             await this.loadInitialState(options.import, options.support);
-            await this.ask('core:security:verify');
+            await this.ask("core:security:verify");
             this.router.init();
-            this.log.info('[✔] Core components loaded');
+            this.log.info("[✔] Core components loaded");
             await this.install(options.installations);
             this.log.info(`[✔] Start "${this.pluginsManager.application.name}" application`);
             this.openApiManager = new openapi_1.OpenApiManager(application.openApi, this.config.http.routes, this.pluginsManager.routes);
             // @deprecated
-            await this.pipe('kuzzle:start');
-            await this.pipe('kuzzle:state:live');
+            await this.pipe("kuzzle:start");
+            await this.pipe("kuzzle:state:live");
             await this.entryPoint.startListening();
-            await this.pipe('kuzzle:state:ready');
+            await this.pipe("kuzzle:state:ready");
             this.log.info(`[✔] Kuzzle ${this.version} is ready (node name: ${this.id})`);
             // @deprecated
-            this.emit('core:kuzzleStart', 'Kuzzle is ready to accept requests');
+            this.emit("core:kuzzleStart", "Kuzzle is ready to accept requests");
             this._state = kuzzleStateEnum_1.default.RUNNING;
         }
         catch (error) {
@@ -199,12 +199,12 @@ class Kuzzle extends kuzzleEventEmitter_1.default {
     async initKuzzleNode() {
         let id;
         if (this.config.cluster.enabled) {
-            id = await (new cluster_1.default()).init();
-            this.log.info('[✔] Cluster initialized');
+            id = await new cluster_1.default().init();
+            this.log.info("[✔] Cluster initialized");
         }
         else {
-            id = name_generator_1.NameGenerator.generateRandomName({ prefix: 'knode' });
-            this.log.info('[X] Cluster disabled: single node mode.');
+            id = name_generator_1.NameGenerator.generateRandomName({ prefix: "knode" });
+            this.log.info("[X] Cluster disabled: single node mode.");
         }
         return id;
     }
@@ -215,17 +215,17 @@ class Kuzzle extends kuzzleEventEmitter_1.default {
      */
     async shutdown() {
         this._state = kuzzleStateEnum_1.default.SHUTTING_DOWN;
-        this.log.info('Initiating shutdown...');
+        this.log.info("Initiating shutdown...");
         // Ask the network layer to stop accepting new request
-        this.entryPoint.dispatch('shutdown');
-        await this.pipe('kuzzle:shutdown');
+        this.entryPoint.dispatch("shutdown");
+        await this.pipe("kuzzle:shutdown");
         // @deprecated
-        this.emit('core:shutdown');
+        this.emit("core:shutdown");
         while (this.funnel.remainingRequests !== 0) {
             this.log.info(`[shutdown] Waiting: ${this.funnel.remainingRequests} remaining requests`);
             await bluebird_1.default.delay(1000);
         }
-        this.log.info('Halted.');
+        this.log.info("Halted.");
         process.exit(0);
     }
     /**
@@ -239,22 +239,22 @@ class Kuzzle extends kuzzleEventEmitter_1.default {
         if (!installations || !installations.length) {
             return;
         }
-        const mutex = new mutex_1.Mutex('backend:installations');
+        const mutex = new mutex_1.Mutex("backend:installations");
         await mutex.lock();
         try {
             for (const installation of installations) {
-                const isAlreadyInstalled = await this.ask('core:storage:private:document:exist', 'kuzzle', 'installations', installation.id);
+                const isAlreadyInstalled = await this.ask("core:storage:private:document:exist", "kuzzle", "installations", installation.id);
                 if (!isAlreadyInstalled) {
                     try {
                         await installation.handler();
                     }
                     catch (error) {
-                        throw kerror.get('plugin', 'runtime', 'unexpected_installation_error', installation.id, error);
+                        throw kerror.get("plugin", "runtime", "unexpected_installation_error", installation.id, error);
                     }
-                    await this.ask('core:storage:private:document:create', 'kuzzle', 'installations', {
+                    await this.ask("core:storage:private:document:create", "kuzzle", "installations", {
                         description: installation.description,
                         handler: installation.handler.toString(),
-                        installedAt: Date.now()
+                        installedAt: Date.now(),
                     }, { id: installation.id });
                     this.log.info(`[✔] Install code "${installation.id}" successfully executed`);
                 }
@@ -282,19 +282,19 @@ class Kuzzle extends kuzzleEventEmitter_1.default {
         }
         const toImport = config.toImport;
         if (!lodash_1.default.isEmpty(toImport.userMappings)) {
-            await this.internalIndex.updateMapping('users', toImport.userMappings);
-            await this.internalIndex.refreshCollection('users');
-            this.log.info('[✔] User mappings import successful');
+            await this.internalIndex.updateMapping("users", toImport.userMappings);
+            await this.internalIndex.refreshCollection("users");
+            this.log.info("[✔] User mappings import successful");
         }
     }
     async importMappings(config, status) {
         const toImport = config.toImport;
         const toSupport = config.toSupport;
         if (!lodash_1.default.isEmpty(toSupport.mappings) && !lodash_1.default.isEmpty(toImport.mappings)) {
-            throw kerror.get('plugin', 'runtime', 'incompatible', '_support.mappings', 'import.mappings');
+            throw kerror.get("plugin", "runtime", "incompatible", "_support.mappings", "import.mappings");
         }
         else if (!lodash_1.default.isEmpty(toSupport.mappings)) {
-            await this.ask('core:storage:public:mappings:import', toSupport.mappings, {
+            await this.ask("core:storage:public:mappings:import", toSupport.mappings, {
                 /**
                  * If it's the first time the mapping are loaded and another node is already importing the mapping into the database
                  * we just want to load the mapping in our own index cache and not in the database.
@@ -304,10 +304,10 @@ class Kuzzle extends kuzzleEventEmitter_1.default {
                 rawMappings: true,
                 refresh: true,
             });
-            this.log.info('[✔] Mappings import successful');
+            this.log.info("[✔] Mappings import successful");
         }
         else if (!lodash_1.default.isEmpty(toImport.mappings)) {
-            await this.ask('core:storage:public:mappings:import', toImport.mappings, {
+            await this.ask("core:storage:public:mappings:import", toImport.mappings, {
                 /**
                  * If it's the first time the mapping are loaded and another node is already importing the mapping into the database
                  * we just want to load the mapping in our own index cache and not in the database.
@@ -316,7 +316,7 @@ class Kuzzle extends kuzzleEventEmitter_1.default {
                 propagate: false,
                 refresh: true,
             });
-            this.log.info('[✔] Mappings import successful');
+            this.log.info("[✔] Mappings import successful");
         }
     }
     async importFixtures(config, status) {
@@ -325,8 +325,8 @@ class Kuzzle extends kuzzleEventEmitter_1.default {
         }
         const toSupport = config.toSupport;
         if (!lodash_1.default.isEmpty(toSupport.fixtures)) {
-            await this.ask('core:storage:public:document:import', toSupport.fixtures);
-            this.log.info('[✔] Fixtures import successful');
+            await this.ask("core:storage:public:document:import", toSupport.fixtures);
+            this.log.info("[✔] Fixtures import successful");
         }
     }
     async importPermissions(config, status) {
@@ -335,34 +335,34 @@ class Kuzzle extends kuzzleEventEmitter_1.default {
         }
         const toImport = config.toImport;
         const toSupport = config.toSupport;
-        const isPermissionsToImport = !(lodash_1.default.isEmpty(toImport.profiles)
-            && lodash_1.default.isEmpty(toImport.roles)
-            && lodash_1.default.isEmpty(toImport.users));
-        const isPermissionsToSupport = toSupport.securities
-            && !(lodash_1.default.isEmpty(toSupport.securities.profiles)
-                && lodash_1.default.isEmpty(toSupport.securities.roles)
-                && lodash_1.default.isEmpty(toSupport.securities.users));
+        const isPermissionsToImport = !(lodash_1.default.isEmpty(toImport.profiles) &&
+            lodash_1.default.isEmpty(toImport.roles) &&
+            lodash_1.default.isEmpty(toImport.users));
+        const isPermissionsToSupport = toSupport.securities &&
+            !(lodash_1.default.isEmpty(toSupport.securities.profiles) &&
+                lodash_1.default.isEmpty(toSupport.securities.roles) &&
+                lodash_1.default.isEmpty(toSupport.securities.users));
         if (isPermissionsToSupport && isPermissionsToImport) {
-            throw kerror.get('plugin', 'runtime', 'incompatible', '_support.securities', 'import profiles roles or users');
+            throw kerror.get("plugin", "runtime", "incompatible", "_support.securities", "import profiles roles or users");
         }
         else if (isPermissionsToSupport) {
-            await this.ask('core:security:load', toSupport.securities, {
+            await this.ask("core:security:load", toSupport.securities, {
                 force: true,
-                refresh: 'wait_for'
+                refresh: "wait_for",
             });
-            this.log.info('[✔] Securities import successful');
+            this.log.info("[✔] Securities import successful");
         }
         else if (isPermissionsToImport) {
-            await this.ask('core:security:load', {
+            await this.ask("core:security:load", {
                 profiles: toImport.profiles,
                 roles: toImport.roles,
                 users: toImport.users,
             }, {
                 onExistingUsers: toImport.onExistingUsers,
                 onExistingUsersWarning: true,
-                refresh: 'wait_for',
+                refresh: "wait_for",
             });
-            this.log.info('[✔] Permissions import successful');
+            this.log.info("[✔] Permissions import successful");
         }
     }
     /**
@@ -372,7 +372,7 @@ class Kuzzle extends kuzzleEventEmitter_1.default {
         const importTypes = Object.keys(this.importTypes);
         for (const importType of importTypes) {
             // If the import is done, we pop it from the queue to check the next one
-            if (await this.ask('core:cache:internal:get', `${exports.BACKEND_IMPORT_KEY}:${importType}`)) {
+            if (await this.ask("core:cache:internal:get", `${exports.BACKEND_IMPORT_KEY}:${importType}`)) {
                 return;
             }
             await bluebird_1.default.delay(1000);
@@ -387,14 +387,14 @@ class Kuzzle extends kuzzleEventEmitter_1.default {
      * @returns {Promise<void>}
      */
     async loadInitialState(toImport = {}, toSupport = {}) {
-        if (lodash_1.default.isEmpty(toImport.mappings)
-            && lodash_1.default.isEmpty(toImport.profiles)
-            && lodash_1.default.isEmpty(toImport.roles)
-            && lodash_1.default.isEmpty(toImport.userMappings)
-            && lodash_1.default.isEmpty(toImport.users)
-            && lodash_1.default.isEmpty(toSupport.fixtures)
-            && lodash_1.default.isEmpty(toSupport.mappings)
-            && lodash_1.default.isEmpty(toSupport.securities)) {
+        if (lodash_1.default.isEmpty(toImport.mappings) &&
+            lodash_1.default.isEmpty(toImport.profiles) &&
+            lodash_1.default.isEmpty(toImport.roles) &&
+            lodash_1.default.isEmpty(toImport.userMappings) &&
+            lodash_1.default.isEmpty(toImport.users) &&
+            lodash_1.default.isEmpty(toSupport.fixtures) &&
+            lodash_1.default.isEmpty(toSupport.mappings) &&
+            lodash_1.default.isEmpty(toSupport.securities)) {
             return;
         }
         const lockedMutex = [];
@@ -402,23 +402,23 @@ class Kuzzle extends kuzzleEventEmitter_1.default {
             for (const [type, importMethod] of Object.entries(this.importTypes)) {
                 const importPayload = {};
                 switch (type) {
-                    case 'fixtures':
-                        lodash_1.default.set(importPayload, 'toSupport.fixtures', toSupport.fixtures);
+                    case "fixtures":
+                        lodash_1.default.set(importPayload, "toSupport.fixtures", toSupport.fixtures);
                         break;
-                    case 'mappings':
-                        lodash_1.default.set(importPayload, 'toSupport.mappings', toSupport.mappings);
-                        lodash_1.default.set(importPayload, 'toImport.mappings', toImport.mappings);
+                    case "mappings":
+                        lodash_1.default.set(importPayload, "toSupport.mappings", toSupport.mappings);
+                        lodash_1.default.set(importPayload, "toImport.mappings", toImport.mappings);
                         break;
-                    case 'permissions':
-                        lodash_1.default.set(importPayload, 'toSupport.securities', toSupport.securities);
-                        lodash_1.default.set(importPayload, 'toImport.profiles', toImport.profiles);
-                        lodash_1.default.set(importPayload, 'toImport.roles', toImport.roles);
-                        lodash_1.default.set(importPayload, 'toImport.users', toImport.users);
+                    case "permissions":
+                        lodash_1.default.set(importPayload, "toSupport.securities", toSupport.securities);
+                        lodash_1.default.set(importPayload, "toImport.profiles", toImport.profiles);
+                        lodash_1.default.set(importPayload, "toImport.roles", toImport.roles);
+                        lodash_1.default.set(importPayload, "toImport.users", toImport.users);
                         break;
                 }
                 const importPayloadHash = (0, crypto_1.sha256)((0, json_stable_stringify_1.default)(importPayload));
                 const mutex = new mutex_1.Mutex(`backend:import:${type}`, { timeout: 0 });
-                const existingHash = await this.ask('core:cache:internal:get', `${exports.BACKEND_IMPORT_KEY}:${type}`);
+                const existingHash = await this.ask("core:cache:internal:get", `${exports.BACKEND_IMPORT_KEY}:${type}`);
                 const initialized = existingHash === importPayloadHash;
                 const locked = await mutex.lock();
                 await importMethod({ toImport, toSupport }, {
@@ -428,14 +428,14 @@ class Kuzzle extends kuzzleEventEmitter_1.default {
                 });
                 if (!initialized && locked) {
                     lockedMutex.push(mutex);
-                    await this.ask('core:cache:internal:store', `${exports.BACKEND_IMPORT_KEY}:${type}`, importPayloadHash);
+                    await this.ask("core:cache:internal:store", `${exports.BACKEND_IMPORT_KEY}:${type}`, importPayloadHash);
                 }
             }
             await this._waitForImportToFinish();
-            this.log.info('[✔] Import successful');
+            this.log.info("[✔] Import successful");
         }
         finally {
-            await Promise.all(lockedMutex.map(mutex => mutex.unlock()));
+            await Promise.all(lockedMutex.map((mutex) => mutex.unlock()));
         }
     }
     dump(suffix) {
@@ -444,22 +444,22 @@ class Kuzzle extends kuzzleEventEmitter_1.default {
     hash(input) {
         let inString;
         switch (typeof input) {
-            case 'string':
-            case 'number':
-            case 'boolean':
+            case "string":
+            case "number":
+            case "boolean":
                 inString = input;
                 break;
             default:
                 inString = (0, json_stable_stringify_1.default)(input);
         }
-        return (0, murmurhash_native_1.murmurHash128)(Buffer.from(inString), 'hex', this.config.internal.hash.seed);
+        return (0, murmurhash_native_1.murmurHash128)(Buffer.from(inString), "hex", this.config.internal.hash.seed);
     }
     get state() {
         return this._state;
     }
     set state(value) {
         this._state = value;
-        this.emit('kuzzle:state:change', value);
+        this.emit("kuzzle:state:change", value);
     }
     /**
      * Register handlers and do a kuzzle dump for:
@@ -468,8 +468,8 @@ class Kuzzle extends kuzzleEventEmitter_1.default {
      * - uncaught-exception
      */
     registerSignalHandlers() {
-        process.removeAllListeners('unhandledRejection');
-        process.on('unhandledRejection', (reason, promise) => {
+        process.removeAllListeners("unhandledRejection");
+        process.on("unhandledRejection", (reason, promise) => {
             if (reason !== undefined) {
                 if (reason instanceof Error) {
                     this.log.error(`ERROR: unhandledRejection: ${reason.message}. Reason: ${reason.stack}`);
@@ -484,33 +484,33 @@ class Kuzzle extends kuzzleEventEmitter_1.default {
             // Crashing on an unhandled rejection is a good idea during development
             // as it helps spotting code errors. And according to the warning messages,
             // this is what Node.js will do automatically in future versions anyway.
-            if (global.NODE_ENV === 'development') {
-                this.log.error('Kuzzle caught an unhandled rejected promise and will shutdown.');
+            if (global.NODE_ENV === "development") {
+                this.log.error("Kuzzle caught an unhandled rejected promise and will shutdown.");
                 this.log.error('This behavior is only triggered if global.NODE_ENV is set to "development"');
                 throw reason;
             }
         });
-        process.removeAllListeners('uncaughtException');
-        process.on('uncaughtException', err => {
+        process.removeAllListeners("uncaughtException");
+        process.on("uncaughtException", (err) => {
             this.log.error(`ERROR: uncaughtException: ${err.message}\n${err.stack}`);
-            this.dumpAndExit('uncaught-exception');
+            this.dumpAndExit("uncaught-exception");
         });
         // abnormal termination signals => generate a core dump
-        for (const signal of ['SIGQUIT', 'SIGABRT']) {
+        for (const signal of ["SIGQUIT", "SIGABRT"]) {
             process.removeAllListeners(signal);
             process.on(signal, () => {
                 this.log.error(`ERROR: Caught signal: ${signal}`);
-                this.dumpAndExit('signal-'.concat(signal.toLowerCase()));
+                this.dumpAndExit("signal-".concat(signal.toLowerCase()));
             });
         }
         // signal SIGTRAP is used to generate a kuzzle dump without stopping it
-        process.removeAllListeners('SIGTRAP');
-        process.on('SIGTRAP', () => {
-            this.log.error('Caught signal SIGTRAP => generating a core dump');
-            this.dump('signal-sigtrap');
+        process.removeAllListeners("SIGTRAP");
+        process.on("SIGTRAP", () => {
+            this.log.error("Caught signal SIGTRAP => generating a core dump");
+            this.dump("signal-sigtrap");
         });
         // gracefully exits on normal termination
-        for (const signal of ['SIGINT', 'SIGTERM']) {
+        for (const signal of ["SIGINT", "SIGTERM"]) {
             process.removeAllListeners(signal);
             process.on(signal, () => {
                 this.log.info(`Caught signal ${signal} => gracefully exit`);

package/lib/kuzzle/kuzzleStateEnum.js

@@ -19,7 +19,7 @@
  * limitations under the License.
  */
 
-'use strict';
+"use strict";
 
 /**
  * @typedef {number} kuzzleStateEnum

package/lib/kuzzle/log.js

@@ -19,25 +19,25 @@
  * limitations under the License.
  */
 
-'use strict';
+"use strict";
 
 class Logger {
-  constructor () {
-    this.logMethods = ['info', 'warn', 'error', 'silly', 'debug', 'verbose'];
+  constructor() {
+    this.logMethods = ["info", "warn", "error", "silly", "debug", "verbose"];
 
     this.failsafeModeString = global.kuzzle.config.plugins.common.failsafeMode
-      ? '[FAILSAFE MODE] '
-      : '';
+      ? "[FAILSAFE MODE] "
+      : "";
 
     this._useConsole();
 
-    global.kuzzle.once('core:kuzzleStart', this._useLogger.bind(this));
+    global.kuzzle.once("core:kuzzleStart", this._useLogger.bind(this));
   }
 
-  _useConsole () {
+  _useConsole() {
     // until kuzzle has started, use the console to print logs
     for (const method of this.logMethods) {
-      this[method] = message => {
+      this[method] = (message) => {
         /* eslint-disable-next-line no-console */
         const writer = console[method] || console.log;
 
@@ -46,20 +46,25 @@ class Logger {
     }
   }
 
-  _useLogger () {
-
+  _useLogger() {
     // when kuzzle has started, use the event to dispatch logs
     for (const method of this.logMethods) {
-      this[method] = message => {
-        if ( global.kuzzle.asyncStore.exists()
-          && global.kuzzle.asyncStore.has('REQUEST')
+      this[method] = (message) => {
+        if (
+          global.kuzzle.asyncStore.exists() &&
+          global.kuzzle.asyncStore.has("REQUEST")
         ) {
-          const request = global.kuzzle.asyncStore.get('REQUEST');
+          const request = global.kuzzle.asyncStore.get("REQUEST");
 
-          global.kuzzle.emit(`log:${method}`, `[${global.kuzzle.id}] ${this.failsafeModeString}[${request.id}] ${message}`);
-        }
-        else {
-          global.kuzzle.emit(`log:${method}`, `[${global.kuzzle.id}] ${this.failsafeModeString}${message}`);
+          global.kuzzle.emit(
+            `log:${method}`,
+            `[${global.kuzzle.id}] ${this.failsafeModeString}[${request.id}] ${message}`
+          );
+        } else {
+          global.kuzzle.emit(
+            `log:${method}`,
+            `[${global.kuzzle.id}] ${this.failsafeModeString}${message}`
+          );
         }
       };
     }

package/lib/kuzzle/vault.js

@@ -19,48 +19,63 @@
  * limitations under the License.
  */
 
-'use strict';
+"use strict";
 
-const assert = require('assert');
-const fs = require('fs');
-const path = require('path');
-const _ = require('lodash');
-const { Vault } = require('kuzzle-vault');
+const assert = require("assert");
+const fs = require("fs");
+const path = require("path");
+const _ = require("lodash");
+const { Vault } = require("kuzzle-vault");
 
-function load (vaultKey, secretsFile) {
+// The Vault package remove the variable from env after reading it and we have
+// to instantiate the Vault two times with Kaaf (one before init and one after)
+let ENV_VAULT_KEY;
+
+function load(vaultKey, secretsFile) {
   // Using KaaF kuzzle is an npm package and is located under node_modules folder
   // We need to get back to root folder of the project to get the secret file
-  const defaultEncryptedSecretsFile = __dirname.endsWith('/node_modules/kuzzle/lib/kuzzle') ?
-    path.resolve(`${__dirname}/../../../../config/secrets.enc.json`) :
-    path.resolve(`${__dirname}/../../config/secrets.enc.json`);
+  const defaultEncryptedSecretsFile = __dirname.endsWith(
+    "/node_modules/kuzzle/lib/kuzzle"
+  )
+    ? path.resolve(`${__dirname}/../../../../config/secrets.enc.json`)
+    : path.resolve(`${__dirname}/../../config/secrets.enc.json`);
 
   const encryptedSecretsFile =
-    secretsFile || process.env.KUZZLE_SECRETS_FILE || defaultEncryptedSecretsFile;
+    secretsFile ||
+    process.env.KUZZLE_SECRETS_FILE ||
+    defaultEncryptedSecretsFile;
 
   let key = vaultKey;
-  if (_.isEmpty(vaultKey) && ! _.isEmpty(process.env.KUZZLE_VAULT_KEY)) {
-    key = process.env.KUZZLE_VAULT_KEY;
+  if (
+    _.isEmpty(vaultKey) &&
+    (!_.isEmpty(process.env.KUZZLE_VAULT_KEY) || !_.isEmpty(ENV_VAULT_KEY))
+  ) {
+    // Keep the vault key value when reading it from the env
+    key = ENV_VAULT_KEY = process.env.KUZZLE_VAULT_KEY || ENV_VAULT_KEY;
   }
 
   const fileExists = fs.existsSync(encryptedSecretsFile);
   // Abort if a custom secrets file has been provided but Kuzzle can't load it
-  if (! _.isEmpty(process.env.KUZZLE_SECRETS_FILE) || ! _.isEmpty(secretsFile)) {
+  if (!_.isEmpty(process.env.KUZZLE_SECRETS_FILE) || !_.isEmpty(secretsFile)) {
     assert(
       fileExists,
-      `A secret file has been provided but Kuzzle cannot find it at "${encryptedSecretsFile}".`);
+      `A secret file has been provided but Kuzzle cannot find it at "${encryptedSecretsFile}".`
+    );
   }
 
   // Abort if a secret file is found (default or custom)
   // but no vault key has been provided
   assert(
-    ! (fileExists && _.isEmpty(key)),
-    'A secret file has been provided but Kuzzle cannot find the Vault key. Aborting.');
+    !(fileExists && _.isEmpty(key)),
+    "A secret file has been provided but Kuzzle cannot find the Vault key. Aborting."
+  );
 
   // Abort if a vault key has been provided
   // but no secrets file can be loaded (default or custom)
   assert(
-    ! (! _.isEmpty(key) && ! fileExists),
-    `A Vault key is present but Kuzzle cannot find the secret file at "${encryptedSecretsFile}". Aborting.`);
+    !(!_.isEmpty(key) && !fileExists),
+    `A Vault key is present but Kuzzle cannot find the secret file at "${encryptedSecretsFile}". Aborting.`
+  );
 
   const vault = new Vault(key);
 

package/lib/model/security/profile.d.ts

@@ -1,6 +1,6 @@
-import { Policy, OptimizedPolicy, OptimizedPolicyRestrictions } from '../../types/index';
-import { Role } from './role';
-import { KuzzleRequest } from '../../../index';
+import { Policy, OptimizedPolicy, OptimizedPolicyRestrictions } from "../../types/index";
+import { Role } from "./role";
+import { KuzzleRequest } from "../../../index";
 /** @internal */
 declare type InternalProfilePolicy = {
     role: Role;