.......... [ZBXNEXT-388] merge from upstream

2 files changed, 69 insertions, 15 deletions

diff --git a/conf/zabbix_proxy.conf b/conf/zabbix_proxy.conf
index 562fad863bc..e5312dc160b 100644
--- a/conf/zabbix_proxy.conf
+++ b/conf/zabbix_proxy.conf
@@ -299,16 +299,6 @@ DBUser=zabbix
 # Default:
 # StartPollersUnreachable=1
 
-### Option: StartHistoryPollers
-#	Number of pre-forked instances of history pollers.
-#	Only required for internal checks.
-#	A database connection is required for each history poller instance.
-#
-# Mandatory: no
-# Range: 0-1000
-# Default:
-# StartHistoryPollers=1
-
 ### Option: StartTrappers
 #	Number of pre-forked instances of trappers.
 #	Trappers accept incoming connections from Zabbix sender and active agents.
@@ -886,12 +876,22 @@ StatsAllowedIP=127.0.0.1
 # Default:
 # DBTLSCipher13=
 
+### Option: Vault
+#	Specifies vault:
+#		HashiCorp - HashiCorp KV Secrets Engine - Version 2
+#		CyberArk  - CyberArk Central Credential Provider
+#
+# Mandatory: no
+# Default:
+# Vault=HashiCorp
+
 ### Option: VaultToken
 #	Vault authentication token that should have been generated exclusively for Zabbix proxy with read only permission to path
 #	specified in optional VaultDBPath configuration parameter.
 #	It is an error if VaultToken and VAULT_TOKEN environment variable are defined at the same time.
 #
 # Mandatory: no
+#	(yes, if Vault is explicitly set to HashiCorp)
 # Default:
 # VaultToken=
 
@@ -903,14 +903,36 @@ StatsAllowedIP=127.0.0.1
 # VaultURL=https://127.0.0.1:8200
 
 ### Option: VaultDBPath
-#	Vault path from where credentials for database will be retrieved by keys 'password' and 'username'.
-#	Example: secret/zabbix/database
+#	Vault path or query depending on the Vault from where credentials for database will be retrieved by keys.
+#	Keys used for HashiCorp are 'password' and 'username'.
+#	Example path:
+#		secret/zabbix/database
+#	Keys used for CyberArk are 'Content' and 'UserName'.
+#	Example query:
+#		AppID=zabbix_server&Query=Safe=passwordSafe;Object=zabbix_proxy_database
 #	This option can only be used if DBUser and DBPassword are not specified.
 #
 # Mandatory: no
 # Default:
 # VaultDBPath=
 
+### Option: VaultTLSCertFile
+#	Name of the SSL certificate file used for client authentication. The certificate file must be in PEM1 format.
+#	If the certificate file contains also the private key, leave the SSL key file field empty. The directory
+#	containing this file is specified by configuration parameter SSLCertLocation.
+#
+# Mandatory: no
+# Default:
+# VaultTLSCertFile=
+
+### Option: VaultTLSKeyFile
+#	Name of the SSL private key file used for client authentication. The private key file must be in PEM1 format.
+#	The directory containing this file is specified by configuration parameter SSLKeyLocation.
+#
+# Mandatory: no
+# Default:
+# VaultTLSKeyFile=
+
 ####### For advanced users - TCP-related fine-tuning parameters #######
 
 ## Option: ListenBacklog
diff --git a/conf/zabbix_server.conf b/conf/zabbix_server.conf
index e213c17a866..82ccdd19de0 100644
--- a/conf/zabbix_server.conf
+++ b/conf/zabbix_server.conf
@@ -237,7 +237,7 @@ DBUser=zabbix
 
 ### Option: StartHistoryPollers
 #	Number of pre-forked instances of history pollers.
-#	Only required for calculated and internal checks.
+#	Only required for calculated checks.
 #	A database connection is required for each history poller instance.
 #
 # Mandatory: no
@@ -885,6 +885,15 @@ StatsAllowedIP=127.0.0.1
 # Default:
 # DBTLSCipher13=
 
+### Option: Vault
+#	Specifies vault:
+#		HashiCorp - HashiCorp KV Secrets Engine - Version 2
+#		CyberArk  - CyberArk Central Credential Provider
+#
+# Mandatory: no
+# Default:
+# Vault=HashiCorp
+
 ### Option: VaultToken
 #	Vault authentication token that should have been generated exclusively for Zabbix server with read only permission
 #	to paths specified in Vault macros and read only permission to path specified in optional VaultDBPath
@@ -892,6 +901,7 @@ StatsAllowedIP=127.0.0.1
 #	It is an error if VaultToken and VAULT_TOKEN environment variable are defined at the same time.
 #
 # Mandatory: no
+#	(yes, if Vault is explicitly set to HashiCorp)
 # Default:
 # VaultToken=
 
@@ -903,14 +913,36 @@ StatsAllowedIP=127.0.0.1
 # VaultURL=https://127.0.0.1:8200
 
 ### Option: VaultDBPath
-#	Vault path from where credentials for database will be retrieved by keys 'password' and 'username'.
-#	Example: secret/zabbix/database
+#	Vault path or query depending on the Vault from where credentials for database will be retrieved by keys.
+#	Keys used for HashiCorp are 'password' and 'username'.
+#	Example path:
+#		secret/zabbix/database
+#	Keys used for CyberArk are 'Content' and 'UserName'.
+#	Example query:
+#		AppID=zabbix_server&Query=Safe=passwordSafe;Object=zabbix_server_database
 #	This option can only be used if DBUser and DBPassword are not specified.
 #
 # Mandatory: no
 # Default:
 # VaultDBPath=
 
+### Option: VaultTLSCertFile
+#	Name of the SSL certificate file used for client authentication. The certificate file must be in PEM1 format.
+#	If the certificate file contains also the private key, leave the SSL key file field empty. The directory
+#	containing this file is specified by configuration parameter SSLCertLocation.
+#
+# Mandatory: no
+# Default:
+# VaultTLSCertFile=
+
+### Option: VaultTLSKeyFile
+#	Name of the SSL private key file used for client authentication. The private key file must be in PEM1 format.
+#	The directory containing this file is specified by configuration parameter SSLKeyLocation.
+#
+# Mandatory: no
+# Default:
+# VaultTLSKeyFile=
+
 ### Option: StartReportWriters
 #	Number of pre-forked report writer instances.
 #