.D........ [ZBXNEXT-7402] updated man pages

2 files changed, 68 insertions, 4 deletions

diff --git a/conf/zabbix_proxy.conf b/conf/zabbix_proxy.conf
index 08cb20f1193..ea4b591ea7e 100644
--- a/conf/zabbix_proxy.conf
+++ b/conf/zabbix_proxy.conf
@@ -886,12 +886,22 @@ StatsAllowedIP=127.0.0.1
 # Default:
 # DBTLSCipher13=
 
+### Option: Vault
+#	Specifies vault:
+#		HashiCorp   - HashiCorp KV Secrets Engine - Version 2
+#		CyberArkCPP - CyberArk Central Credential Provider
+#
+# Mandatory: no
+# Default:
+# Vault=HashiCorp
+
 ### Option: VaultToken
 #	Vault authentication token that should have been generated exclusively for Zabbix proxy with read only permission to path
 #	specified in optional VaultDBPath configuration parameter.
 #	It is an error if VaultToken and VAULT_TOKEN environment variable are defined at the same time.
 #
 # Mandatory: no
+#	(yes, if Vault is explicitly set to HashiCorp)
 # Default:
 # VaultToken=
 
@@ -903,14 +913,36 @@ StatsAllowedIP=127.0.0.1
 # VaultURL=https://127.0.0.1:8200
 
 ### Option: VaultDBPath
-#	Vault path from where credentials for database will be retrieved by keys 'password' and 'username'.
-#	Example: secret/zabbix/database
+#	Vault path or query depending on the Vault from where credentials for database will be retrieved by keys.
+#	Keys used for HashiCorp are 'password' and 'username'.
+#	Example path:
+#		secret/zabbix/database
+#	Keys used for CyberArkCPP are 'Content' and 'UserName'.
+#	Example query:
+#		AppID=zabbix_server&Query=Safe=passwordSafe;Object=zabbix_proxy_database
 #	This option can only be used if DBUser and DBPassword are not specified.
 #
 # Mandatory: no
 # Default:
 # VaultDBPath=
 
+### Option: VaultTLSCertFile
+#	Name of the SSL certificate file used for client authentication. The certificate file must be in PEM1 format.
+#	If the certificate file contains also the private key, leave the SSL key file field empty. The directory
+#	containing this file is specified by configuration parameter SSLCertLocation.
+#
+# Mandatory: no
+# Default:
+# VaultTLSCertFile=
+
+### Option: VaultTLSKeyFile
+#	Name of the SSL private key file used for client authentication. The private key file must be in PEM1 format.
+#	The directory containing this file is specified by configuration parameter SSLKeyLocation.
+#
+# Mandatory: no
+# Default:
+# VaultTLSKeyFile=
+
 ####### For advanced users - TCP-related fine-tuning parameters #######
 
 ## Option: ListenBacklog
diff --git a/conf/zabbix_server.conf b/conf/zabbix_server.conf
index 87b37fdd270..88c6399a6b8 100644
--- a/conf/zabbix_server.conf
+++ b/conf/zabbix_server.conf
@@ -885,6 +885,15 @@ StatsAllowedIP=127.0.0.1
 # Default:
 # DBTLSCipher13=
 
+### Option: Vault
+#	Specifies vault:
+#		HashiCorp   - HashiCorp KV Secrets Engine - Version 2
+#		CyberArkCPP - CyberArk Central Credential Provider
+#
+# Mandatory: no
+# Default:
+# Vault=HashiCorp
+
 ### Option: VaultToken
 #	Vault authentication token that should have been generated exclusively for Zabbix server with read only permission
 #	to paths specified in Vault macros and read only permission to path specified in optional VaultDBPath
@@ -892,6 +901,7 @@ StatsAllowedIP=127.0.0.1
 #	It is an error if VaultToken and VAULT_TOKEN environment variable are defined at the same time.
 #
 # Mandatory: no
+#	(yes, if Vault is explicitly set to HashiCorp)
 # Default:
 # VaultToken=
 
@@ -903,14 +913,36 @@ StatsAllowedIP=127.0.0.1
 # VaultURL=https://127.0.0.1:8200
 
 ### Option: VaultDBPath
-#	Vault path from where credentials for database will be retrieved by keys 'password' and 'username'.
-#	Example: secret/zabbix/database
+#	Vault path or query depending on the Vault from where credentials for database will be retrieved by keys.
+#	Keys used for HashiCorp are 'password' and 'username'.
+#	Example path:
+#		secret/zabbix/database
+#	Keys used for CyberArkCPP are 'Content' and 'UserName'.
+#	Example query:
+#		AppID=zabbix_server&Query=Safe=passwordSafe;Object=zabbix_server_database
 #	This option can only be used if DBUser and DBPassword are not specified.
 #
 # Mandatory: no
 # Default:
 # VaultDBPath=
 
+### Option: VaultTLSCertFile
+#	Name of the SSL certificate file used for client authentication. The certificate file must be in PEM1 format.
+#	If the certificate file contains also the private key, leave the SSL key file field empty. The directory
+#	containing this file is specified by configuration parameter SSLCertLocation.
+#
+# Mandatory: no
+# Default:
+# VaultTLSCertFile=
+
+### Option: VaultTLSKeyFile
+#	Name of the SSL private key file used for client authentication. The private key file must be in PEM1 format.
+#	The directory containing this file is specified by configuration parameter SSLKeyLocation.
+#
+# Mandatory: no
+# Default:
+# VaultTLSKeyFile=
+
 ### Option: StartReportWriters
 #	Number of pre-forked report writer instances.
 #