Any idea here?

Hello Amiram,

I had the same issue with a Docker deployment of Zabbix Server and Vault. Zabbix don't trust in self-signed certificates unless you allow it, adding a custom CA.

What I've done is set the SSLCALocation parameter to a folder that has been prepared with my CA, using the Openssl c_rehash utility. I've copy the .pem certificate to that folder, and then use this utility.

A note about this, is that the Common Name of the certificate must be valid, that means that must match the hostname. Otherwise, you can see a similar error:

"cannot initialize database credentials from vault: Cannot perform request: SSL: certificate subject name 'nginx-docker' does not match target host name 'vault-nginx'"

See https://www.zabbix.com/documentation...onfiguring-tls for more details.

Good luck!

hi, does Zabbix request for new vault token when the value provided in "VaultToken" param expires?

No, it doesn't

hi, I'm facing another issue while trying to configure it with the enterprise vault

Params provided in config:
VaultToken=XXXXXXXXXXXXXXXXXX
VaultURL=https://vault-dev.yourorg.com:8XXX
VaultDBPath=secret/dev/00111111/zabbix

Zabbix seems to be including 'data' in the path after 'secret', so I'm getting 403 permission denied error from the vault

2031597:20220310:064707.659 In zbx_http_get() URL 'https://vault-dev.yourorg.com:8XXX/v1/secret/data/dev/00111111/zabbix'
2031597:20220310:064707.697 End of zbx_http_get():SUCCEED
2031597:20220310:064707.697 cannot initialize database credentials from vault: unsuccessful response code "403"

Zabbix includes "data" in accordance with Vault Secrets Engine v2 convention:

(https://www.vaultproject.io/docs/secrets/kv/kv-v2)

Perhaps you use Secrets Engine v1 which Zabbix does not support.