diff options
| author | Vladislavs Sokurenko <vladislavs.sokurenko@zabbix.com> | 2020-09-08 15:24:28 +0300 |
|---|---|---|
| committer | Vladislavs Sokurenko <vladislavs.sokurenko@zabbix.com> | 2020-09-08 15:24:28 +0300 |
| commit | b0054d0cdbb2be39651b89c4a2b45de2d734af50 (patch) | |
| tree | 5d9d94f6d27a7bdcb4f534e485bd0a0062732fab /conf | |
| parent | c5fe22a004c1e827be5fc7b191ca3e04f43aa4ba (diff) | |
.D..I..PS. [ZBXNEXT-1660] added ability to retrieve database credentials and macro values from HashiCorp Vault
Diffstat (limited to 'conf')
| -rw-r--r-- | conf/zabbix_proxy.conf | 28 | ||||
| -rw-r--r-- | conf/zabbix_server.conf | 29 |
2 files changed, 55 insertions, 2 deletions
diff --git a/conf/zabbix_proxy.conf b/conf/zabbix_proxy.conf index e21b2242748..b5e4622dd85 100644 --- a/conf/zabbix_proxy.conf +++ b/conf/zabbix_proxy.conf @@ -611,7 +611,7 @@ LogSlowQueries=3000 ### Option: SSLCALocation # Location of certificate authority (CA) files for SSL server certificate verification. # If not set, system-wide directory will be used. -# This parameter is used only in web monitoring. +# This parameter is used in web monitoring, HTTP agent items and for communication with Vault. # # Mandatory: no # Default: @@ -858,3 +858,29 @@ StatsAllowedIP=127.0.0.1 # Mandatory no # Default: # DBTLSCipher13= + +### Option: VaultToken +# Vault authentication token that should have been generated exclusively for Zabbix proxy with read only permission to path +# specified in optional VaultDBPath configuration parameter. +# It is an error if VaultToken and VAULT_TOKEN environment variable are defined at the same time. +# +# Mandatory: no +# Default: +# VaultToken= + +### Option: VaultURL +# Vault server HTTP[S] URL. System-wide CA certificates directory will be used if SSLCALocation is not specified. +# +# Mandatory: no +# Default: +# VaultURL=https://127.0.0.1:8200 + +### Option: VaultDBPath +# Vault path from where credentials for database will be retrieved by keys 'password' and 'username'. +# Example: secret/zabbix/database +# This option can only be used if DBUser and DBPassword are not specified. +# +# Mandatory: no +# Default: +# VaultDBPath= + diff --git a/conf/zabbix_server.conf b/conf/zabbix_server.conf index 62a6b1ddb1c..88b1e53d3c6 100644 --- a/conf/zabbix_server.conf +++ b/conf/zabbix_server.conf @@ -645,7 +645,7 @@ LogSlowQueries=3000 ### Option: SSLCALocation # Override the location of certificate authority (CA) files for SSL server certificate verification. # If not set, system-wide directory will be used. -# This parameter is used only in web monitoring and SMTP authentication. +# This parameter is used in web monitoring, SMTP authentication, HTTP agent items and for communication with Vault. # # Mandatory: no # Default: @@ -842,3 +842,30 @@ StatsAllowedIP=127.0.0.1 # Mandatory no # Default: # DBTLSCipher13= + +### Option: VaultToken +# Vault authentication token that should have been generated exclusively for Zabbix server with read only permission +# to paths specified in Vault macros and read only permission to path specified in optional VaultDBPath +# configuration parameter. +# It is an error if VaultToken and VAULT_TOKEN environment variable are defined at the same time. +# +# Mandatory: no +# Default: +# VaultToken= + +### Option: VaultURL +# Vault server HTTP[S] URL. System-wide CA certificates directory will be used if SSLCALocation is not specified. +# +# Mandatory: no +# Default: +# VaultURL=https://127.0.0.1:8200 + +### Option: VaultDBPath +# Vault path from where credentials for database will be retrieved by keys 'password' and 'username'. +# Example: secret/zabbix/database +# This option can only be used if DBUser and DBPassword are not specified. +# +# Mandatory: no +# Default: +# VaultDBPath= + |