diff options
author | Vladislavs Sokurenko <vladislavs.sokurenko@zabbix.com> | 2022-01-21 13:23:18 +0300 |
---|---|---|
committer | Vladislavs Sokurenko <vladislavs.sokurenko@zabbix.com> | 2022-01-21 13:23:18 +0300 |
commit | a4f53dae262839dead72317cce663e68c1c72f7f (patch) | |
tree | f01708381974c676bb805a2c069e11a7b2ef8d40 /conf | |
parent | 5c6fdeee6293bd07c1793756deec49001954bd96 (diff) |
.D........ [ZBXNEXT-7402] updated man pages
Diffstat (limited to 'conf')
-rw-r--r-- | conf/zabbix_proxy.conf | 36 | ||||
-rw-r--r-- | conf/zabbix_server.conf | 36 |
2 files changed, 68 insertions, 4 deletions
diff --git a/conf/zabbix_proxy.conf b/conf/zabbix_proxy.conf index 08cb20f1193..ea4b591ea7e 100644 --- a/conf/zabbix_proxy.conf +++ b/conf/zabbix_proxy.conf @@ -886,12 +886,22 @@ StatsAllowedIP=127.0.0.1 # Default: # DBTLSCipher13= +### Option: Vault +# Specifies vault: +# HashiCorp - HashiCorp KV Secrets Engine - Version 2 +# CyberArkCPP - CyberArk Central Credential Provider +# +# Mandatory: no +# Default: +# Vault=HashiCorp + ### Option: VaultToken # Vault authentication token that should have been generated exclusively for Zabbix proxy with read only permission to path # specified in optional VaultDBPath configuration parameter. # It is an error if VaultToken and VAULT_TOKEN environment variable are defined at the same time. # # Mandatory: no +# (yes, if Vault is explicitly set to HashiCorp) # Default: # VaultToken= @@ -903,14 +913,36 @@ StatsAllowedIP=127.0.0.1 # VaultURL=https://127.0.0.1:8200 ### Option: VaultDBPath -# Vault path from where credentials for database will be retrieved by keys 'password' and 'username'. -# Example: secret/zabbix/database +# Vault path or query depending on the Vault from where credentials for database will be retrieved by keys. +# Keys used for HashiCorp are 'password' and 'username'. +# Example path: +# secret/zabbix/database +# Keys used for CyberArkCPP are 'Content' and 'UserName'. +# Example query: +# AppID=zabbix_server&Query=Safe=passwordSafe;Object=zabbix_proxy_database # This option can only be used if DBUser and DBPassword are not specified. # # Mandatory: no # Default: # VaultDBPath= +### Option: VaultTLSCertFile +# Name of the SSL certificate file used for client authentication. The certificate file must be in PEM1 format. +# If the certificate file contains also the private key, leave the SSL key file field empty. The directory +# containing this file is specified by configuration parameter SSLCertLocation. +# +# Mandatory: no +# Default: +# VaultTLSCertFile= + +### Option: VaultTLSKeyFile +# Name of the SSL private key file used for client authentication. The private key file must be in PEM1 format. +# The directory containing this file is specified by configuration parameter SSLKeyLocation. +# +# Mandatory: no +# Default: +# VaultTLSKeyFile= + ####### For advanced users - TCP-related fine-tuning parameters ####### ## Option: ListenBacklog diff --git a/conf/zabbix_server.conf b/conf/zabbix_server.conf index 87b37fdd270..88c6399a6b8 100644 --- a/conf/zabbix_server.conf +++ b/conf/zabbix_server.conf @@ -885,6 +885,15 @@ StatsAllowedIP=127.0.0.1 # Default: # DBTLSCipher13= +### Option: Vault +# Specifies vault: +# HashiCorp - HashiCorp KV Secrets Engine - Version 2 +# CyberArkCPP - CyberArk Central Credential Provider +# +# Mandatory: no +# Default: +# Vault=HashiCorp + ### Option: VaultToken # Vault authentication token that should have been generated exclusively for Zabbix server with read only permission # to paths specified in Vault macros and read only permission to path specified in optional VaultDBPath @@ -892,6 +901,7 @@ StatsAllowedIP=127.0.0.1 # It is an error if VaultToken and VAULT_TOKEN environment variable are defined at the same time. # # Mandatory: no +# (yes, if Vault is explicitly set to HashiCorp) # Default: # VaultToken= @@ -903,14 +913,36 @@ StatsAllowedIP=127.0.0.1 # VaultURL=https://127.0.0.1:8200 ### Option: VaultDBPath -# Vault path from where credentials for database will be retrieved by keys 'password' and 'username'. -# Example: secret/zabbix/database +# Vault path or query depending on the Vault from where credentials for database will be retrieved by keys. +# Keys used for HashiCorp are 'password' and 'username'. +# Example path: +# secret/zabbix/database +# Keys used for CyberArkCPP are 'Content' and 'UserName'. +# Example query: +# AppID=zabbix_server&Query=Safe=passwordSafe;Object=zabbix_server_database # This option can only be used if DBUser and DBPassword are not specified. # # Mandatory: no # Default: # VaultDBPath= +### Option: VaultTLSCertFile +# Name of the SSL certificate file used for client authentication. The certificate file must be in PEM1 format. +# If the certificate file contains also the private key, leave the SSL key file field empty. The directory +# containing this file is specified by configuration parameter SSLCertLocation. +# +# Mandatory: no +# Default: +# VaultTLSCertFile= + +### Option: VaultTLSKeyFile +# Name of the SSL private key file used for client authentication. The private key file must be in PEM1 format. +# The directory containing this file is specified by configuration parameter SSLKeyLocation. +# +# Mandatory: no +# Default: +# VaultTLSKeyFile= + ### Option: StartReportWriters # Number of pre-forked report writer instances. # |