diff --git a/Dockerfiles/proxy-mysql/alpine/docker-entrypoint.sh b/Dockerfiles/proxy-mysql/alpine/docker-entrypoint.sh
index 290da63d2..46380e7b3 100755
--- a/Dockerfiles/proxy-mysql/alpine/docker-entrypoint.sh
+++ b/Dockerfiles/proxy-mysql/alpine/docker-entrypoint.sh
@@ -361,13 +361,19 @@ update_zbx_config() {
     update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}"
     update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}"
 
-    if [ -n "${VAULT_TOKEN}" ] && [ -n "${ZBX_VAULTURL}" ]; then
+    if [ -n "${ZBX_VAULTDBPATH}" ] && [ -n "${ZBX_VAULTURL}" ]; then
+        update_config_var $ZBX_CONFIG "Vault" "${ZBX_VAULT}"
         update_config_var $ZBX_CONFIG "VaultDBPath" "${ZBX_VAULTDBPATH}"
+        update_config_var $ZBX_CONFIG "VaultTLSCertFile" "${ZBX_VAULTTLSCERTFILE}"
+        update_config_var $ZBX_CONFIG "VaultTLSKeyFile" "${ZBX_VAULTTLSKEYFILE}"
         update_config_var $ZBX_CONFIG "VaultURL" "${ZBX_VAULTURL}"
         update_config_var $ZBX_CONFIG "DBUser"
         update_config_var $ZBX_CONFIG "DBPassword"
     else
+        update_config_var $ZBX_CONFIG "Vault"
         update_config_var $ZBX_CONFIG "VaultDBPath"
+        update_config_var $ZBX_CONFIG "VaultTLSCertFile"
+        update_config_var $ZBX_CONFIG "VaultTLSKeyFile"
         update_config_var $ZBX_CONFIG "VaultURL"
         update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}"
         update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}"
diff --git a/Dockerfiles/proxy-mysql/centos/docker-entrypoint.sh b/Dockerfiles/proxy-mysql/centos/docker-entrypoint.sh
index 4a699cf64..52b8e052f 100755
--- a/Dockerfiles/proxy-mysql/centos/docker-entrypoint.sh
+++ b/Dockerfiles/proxy-mysql/centos/docker-entrypoint.sh
@@ -358,13 +358,19 @@ update_zbx_config() {
     update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}"
     update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}"
 
-    if [ -n "${VAULT_TOKEN}" ] && [ -n "${ZBX_VAULTURL}" ]; then
+    if [ -n "${ZBX_VAULTDBPATH}" ] && [ -n "${ZBX_VAULTURL}" ]; then
+        update_config_var $ZBX_CONFIG "Vault" "${ZBX_VAULT}"
         update_config_var $ZBX_CONFIG "VaultDBPath" "${ZBX_VAULTDBPATH}"
+        update_config_var $ZBX_CONFIG "VaultTLSCertFile" "${ZBX_VAULTTLSCERTFILE}"
+        update_config_var $ZBX_CONFIG "VaultTLSKeyFile" "${ZBX_VAULTTLSKEYFILE}"
         update_config_var $ZBX_CONFIG "VaultURL" "${ZBX_VAULTURL}"
         update_config_var $ZBX_CONFIG "DBUser"
         update_config_var $ZBX_CONFIG "DBPassword"
     else
+        update_config_var $ZBX_CONFIG "Vault"
         update_config_var $ZBX_CONFIG "VaultDBPath"
+        update_config_var $ZBX_CONFIG "VaultTLSCertFile"
+        update_config_var $ZBX_CONFIG "VaultTLSKeyFile"
         update_config_var $ZBX_CONFIG "VaultURL"
         update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}"
         update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}"
diff --git a/Dockerfiles/proxy-mysql/ol/docker-entrypoint.sh b/Dockerfiles/proxy-mysql/ol/docker-entrypoint.sh
index 4a699cf64..52b8e052f 100755
--- a/Dockerfiles/proxy-mysql/ol/docker-entrypoint.sh
+++ b/Dockerfiles/proxy-mysql/ol/docker-entrypoint.sh
@@ -358,13 +358,19 @@ update_zbx_config() {
     update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}"
     update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}"
 
-    if [ -n "${VAULT_TOKEN}" ] && [ -n "${ZBX_VAULTURL}" ]; then
+    if [ -n "${ZBX_VAULTDBPATH}" ] && [ -n "${ZBX_VAULTURL}" ]; then
+        update_config_var $ZBX_CONFIG "Vault" "${ZBX_VAULT}"
         update_config_var $ZBX_CONFIG "VaultDBPath" "${ZBX_VAULTDBPATH}"
+        update_config_var $ZBX_CONFIG "VaultTLSCertFile" "${ZBX_VAULTTLSCERTFILE}"
+        update_config_var $ZBX_CONFIG "VaultTLSKeyFile" "${ZBX_VAULTTLSKEYFILE}"
         update_config_var $ZBX_CONFIG "VaultURL" "${ZBX_VAULTURL}"
         update_config_var $ZBX_CONFIG "DBUser"
         update_config_var $ZBX_CONFIG "DBPassword"
     else
+        update_config_var $ZBX_CONFIG "Vault"
         update_config_var $ZBX_CONFIG "VaultDBPath"
+        update_config_var $ZBX_CONFIG "VaultTLSCertFile"
+        update_config_var $ZBX_CONFIG "VaultTLSKeyFile"
         update_config_var $ZBX_CONFIG "VaultURL"
         update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}"
         update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}"
diff --git a/Dockerfiles/proxy-mysql/rhel/docker-entrypoint.sh b/Dockerfiles/proxy-mysql/rhel/docker-entrypoint.sh
index 4a699cf64..52b8e052f 100755
--- a/Dockerfiles/proxy-mysql/rhel/docker-entrypoint.sh
+++ b/Dockerfiles/proxy-mysql/rhel/docker-entrypoint.sh
@@ -358,13 +358,19 @@ update_zbx_config() {
     update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}"
     update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}"
 
-    if [ -n "${VAULT_TOKEN}" ] && [ -n "${ZBX_VAULTURL}" ]; then
+    if [ -n "${ZBX_VAULTDBPATH}" ] && [ -n "${ZBX_VAULTURL}" ]; then
+        update_config_var $ZBX_CONFIG "Vault" "${ZBX_VAULT}"
         update_config_var $ZBX_CONFIG "VaultDBPath" "${ZBX_VAULTDBPATH}"
+        update_config_var $ZBX_CONFIG "VaultTLSCertFile" "${ZBX_VAULTTLSCERTFILE}"
+        update_config_var $ZBX_CONFIG "VaultTLSKeyFile" "${ZBX_VAULTTLSKEYFILE}"
         update_config_var $ZBX_CONFIG "VaultURL" "${ZBX_VAULTURL}"
         update_config_var $ZBX_CONFIG "DBUser"
         update_config_var $ZBX_CONFIG "DBPassword"
     else
+        update_config_var $ZBX_CONFIG "Vault"
         update_config_var $ZBX_CONFIG "VaultDBPath"
+        update_config_var $ZBX_CONFIG "VaultTLSCertFile"
+        update_config_var $ZBX_CONFIG "VaultTLSKeyFile"
         update_config_var $ZBX_CONFIG "VaultURL"
         update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}"
         update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}"
diff --git a/Dockerfiles/proxy-mysql/ubuntu/docker-entrypoint.sh b/Dockerfiles/proxy-mysql/ubuntu/docker-entrypoint.sh
index 4314c91fb..4eedb5a81 100755
--- a/Dockerfiles/proxy-mysql/ubuntu/docker-entrypoint.sh
+++ b/Dockerfiles/proxy-mysql/ubuntu/docker-entrypoint.sh
@@ -358,13 +358,19 @@ update_zbx_config() {
     update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}"
     update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}"
 
-    if [ -n "${VAULT_TOKEN}" ] && [ -n "${ZBX_VAULTURL}" ]; then
+    if [ -n "${ZBX_VAULTDBPATH}" ] && [ -n "${ZBX_VAULTURL}" ]; then
+        update_config_var $ZBX_CONFIG "Vault" "${ZBX_VAULT}"
         update_config_var $ZBX_CONFIG "VaultDBPath" "${ZBX_VAULTDBPATH}"
+        update_config_var $ZBX_CONFIG "VaultTLSCertFile" "${ZBX_VAULTTLSCERTFILE}"
+        update_config_var $ZBX_CONFIG "VaultTLSKeyFile" "${ZBX_VAULTTLSKEYFILE}"
         update_config_var $ZBX_CONFIG "VaultURL" "${ZBX_VAULTURL}"
         update_config_var $ZBX_CONFIG "DBUser"
         update_config_var $ZBX_CONFIG "DBPassword"
     else
+        update_config_var $ZBX_CONFIG "Vault"
         update_config_var $ZBX_CONFIG "VaultDBPath"
+        update_config_var $ZBX_CONFIG "VaultTLSCertFile"
+        update_config_var $ZBX_CONFIG "VaultTLSKeyFile"
         update_config_var $ZBX_CONFIG "VaultURL"
         update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}"
         update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}"
diff --git a/Dockerfiles/server-mysql/alpine/docker-entrypoint.sh b/Dockerfiles/server-mysql/alpine/docker-entrypoint.sh
index 6e8002d59..45b9ba075 100755
--- a/Dockerfiles/server-mysql/alpine/docker-entrypoint.sh
+++ b/Dockerfiles/server-mysql/alpine/docker-entrypoint.sh
@@ -359,13 +359,19 @@ update_zbx_config() {
     update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}"
     update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}"
 
-    if [ -n "${VAULT_TOKEN}" ] && [ -n "${ZBX_VAULTURL}" ]; then
+    if [ -n "${ZBX_VAULTDBPATH}" ] && [ -n "${ZBX_VAULTURL}" ]; then
+        update_config_var $ZBX_CONFIG "Vault" "${ZBX_VAULT}"
         update_config_var $ZBX_CONFIG "VaultDBPath" "${ZBX_VAULTDBPATH}"
+        update_config_var $ZBX_CONFIG "VaultTLSCertFile" "${ZBX_VAULTTLSCERTFILE}"
+        update_config_var $ZBX_CONFIG "VaultTLSKeyFile" "${ZBX_VAULTTLSKEYFILE}"
         update_config_var $ZBX_CONFIG "VaultURL" "${ZBX_VAULTURL}"
         update_config_var $ZBX_CONFIG "DBUser"
         update_config_var $ZBX_CONFIG "DBPassword"
     else
+        update_config_var $ZBX_CONFIG "Vault"
         update_config_var $ZBX_CONFIG "VaultDBPath"
+        update_config_var $ZBX_CONFIG "VaultTLSCertFile"
+        update_config_var $ZBX_CONFIG "VaultTLSKeyFile"
         update_config_var $ZBX_CONFIG "VaultURL"
         update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}"
         update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}"
diff --git a/Dockerfiles/server-mysql/centos/docker-entrypoint.sh b/Dockerfiles/server-mysql/centos/docker-entrypoint.sh
index 2d8d01fdb..5061c69cd 100755
--- a/Dockerfiles/server-mysql/centos/docker-entrypoint.sh
+++ b/Dockerfiles/server-mysql/centos/docker-entrypoint.sh
@@ -356,13 +356,19 @@ update_zbx_config() {
     update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}"
     update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}"
 
-    if [ -n "${VAULT_TOKEN}" ] && [ -n "${ZBX_VAULTURL}" ]; then
+    if [ -n "${ZBX_VAULTDBPATH}" ] && [ -n "${ZBX_VAULTURL}" ]; then
+        update_config_var $ZBX_CONFIG "Vault" "${ZBX_VAULT}"
         update_config_var $ZBX_CONFIG "VaultDBPath" "${ZBX_VAULTDBPATH}"
+        update_config_var $ZBX_CONFIG "VaultTLSCertFile" "${ZBX_VAULTTLSCERTFILE}"
+        update_config_var $ZBX_CONFIG "VaultTLSKeyFile" "${ZBX_VAULTTLSKEYFILE}"
         update_config_var $ZBX_CONFIG "VaultURL" "${ZBX_VAULTURL}"
         update_config_var $ZBX_CONFIG "DBUser"
         update_config_var $ZBX_CONFIG "DBPassword"
     else
+        update_config_var $ZBX_CONFIG "Vault"
         update_config_var $ZBX_CONFIG "VaultDBPath"
+        update_config_var $ZBX_CONFIG "VaultTLSCertFile"
+        update_config_var $ZBX_CONFIG "VaultTLSKeyFile"
         update_config_var $ZBX_CONFIG "VaultURL"
         update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}"
         update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}"
diff --git a/Dockerfiles/server-mysql/ol/docker-entrypoint.sh b/Dockerfiles/server-mysql/ol/docker-entrypoint.sh
index 2d8d01fdb..5061c69cd 100755
--- a/Dockerfiles/server-mysql/ol/docker-entrypoint.sh
+++ b/Dockerfiles/server-mysql/ol/docker-entrypoint.sh
@@ -356,13 +356,19 @@ update_zbx_config() {
     update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}"
     update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}"
 
-    if [ -n "${VAULT_TOKEN}" ] && [ -n "${ZBX_VAULTURL}" ]; then
+    if [ -n "${ZBX_VAULTDBPATH}" ] && [ -n "${ZBX_VAULTURL}" ]; then
+        update_config_var $ZBX_CONFIG "Vault" "${ZBX_VAULT}"
         update_config_var $ZBX_CONFIG "VaultDBPath" "${ZBX_VAULTDBPATH}"
+        update_config_var $ZBX_CONFIG "VaultTLSCertFile" "${ZBX_VAULTTLSCERTFILE}"
+        update_config_var $ZBX_CONFIG "VaultTLSKeyFile" "${ZBX_VAULTTLSKEYFILE}"
         update_config_var $ZBX_CONFIG "VaultURL" "${ZBX_VAULTURL}"
         update_config_var $ZBX_CONFIG "DBUser"
         update_config_var $ZBX_CONFIG "DBPassword"
     else
+        update_config_var $ZBX_CONFIG "Vault"
         update_config_var $ZBX_CONFIG "VaultDBPath"
+        update_config_var $ZBX_CONFIG "VaultTLSCertFile"
+        update_config_var $ZBX_CONFIG "VaultTLSKeyFile"
         update_config_var $ZBX_CONFIG "VaultURL"
         update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}"
         update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}"
diff --git a/Dockerfiles/server-mysql/rhel/docker-entrypoint.sh b/Dockerfiles/server-mysql/rhel/docker-entrypoint.sh
index 2d8d01fdb..5061c69cd 100755
--- a/Dockerfiles/server-mysql/rhel/docker-entrypoint.sh
+++ b/Dockerfiles/server-mysql/rhel/docker-entrypoint.sh
@@ -356,13 +356,19 @@ update_zbx_config() {
     update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}"
     update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}"
 
-    if [ -n "${VAULT_TOKEN}" ] && [ -n "${ZBX_VAULTURL}" ]; then
+    if [ -n "${ZBX_VAULTDBPATH}" ] && [ -n "${ZBX_VAULTURL}" ]; then
+        update_config_var $ZBX_CONFIG "Vault" "${ZBX_VAULT}"
         update_config_var $ZBX_CONFIG "VaultDBPath" "${ZBX_VAULTDBPATH}"
+        update_config_var $ZBX_CONFIG "VaultTLSCertFile" "${ZBX_VAULTTLSCERTFILE}"
+        update_config_var $ZBX_CONFIG "VaultTLSKeyFile" "${ZBX_VAULTTLSKEYFILE}"
         update_config_var $ZBX_CONFIG "VaultURL" "${ZBX_VAULTURL}"
         update_config_var $ZBX_CONFIG "DBUser"
         update_config_var $ZBX_CONFIG "DBPassword"
     else
+        update_config_var $ZBX_CONFIG "Vault"
         update_config_var $ZBX_CONFIG "VaultDBPath"
+        update_config_var $ZBX_CONFIG "VaultTLSCertFile"
+        update_config_var $ZBX_CONFIG "VaultTLSKeyFile"
         update_config_var $ZBX_CONFIG "VaultURL"
         update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}"
         update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}"
diff --git a/Dockerfiles/server-mysql/ubuntu/docker-entrypoint.sh b/Dockerfiles/server-mysql/ubuntu/docker-entrypoint.sh
index ab2bd8d50..32d6f4a46 100755
--- a/Dockerfiles/server-mysql/ubuntu/docker-entrypoint.sh
+++ b/Dockerfiles/server-mysql/ubuntu/docker-entrypoint.sh
@@ -356,13 +356,19 @@ update_zbx_config() {
     update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}"
     update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}"
 
-    if [ -n "${VAULT_TOKEN}" ] && [ -n "${ZBX_VAULTURL}" ]; then
+    if [ -n "${ZBX_VAULTDBPATH}" ] && [ -n "${ZBX_VAULTURL}" ]; then
+        update_config_var $ZBX_CONFIG "Vault" "${ZBX_VAULT}"
         update_config_var $ZBX_CONFIG "VaultDBPath" "${ZBX_VAULTDBPATH}"
+        update_config_var $ZBX_CONFIG "VaultTLSCertFile" "${ZBX_VAULTTLSCERTFILE}"
+        update_config_var $ZBX_CONFIG "VaultTLSKeyFile" "${ZBX_VAULTTLSKEYFILE}"
         update_config_var $ZBX_CONFIG "VaultURL" "${ZBX_VAULTURL}"
         update_config_var $ZBX_CONFIG "DBUser"
         update_config_var $ZBX_CONFIG "DBPassword"
     else
+        update_config_var $ZBX_CONFIG "Vault"
         update_config_var $ZBX_CONFIG "VaultDBPath"
+        update_config_var $ZBX_CONFIG "VaultTLSCertFile"
+        update_config_var $ZBX_CONFIG "VaultTLSKeyFile"
         update_config_var $ZBX_CONFIG "VaultURL"
         update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}"
         update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}"
diff --git a/Dockerfiles/server-pgsql/alpine/docker-entrypoint.sh b/Dockerfiles/server-pgsql/alpine/docker-entrypoint.sh
index e5b50be9e..e354cbb72 100755
--- a/Dockerfiles/server-pgsql/alpine/docker-entrypoint.sh
+++ b/Dockerfiles/server-pgsql/alpine/docker-entrypoint.sh
@@ -391,13 +391,19 @@ update_zbx_config() {
     update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}"
     update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}"
 
-    if [ -n "${VAULT_TOKEN}" ] && [ -n "${ZBX_VAULTURL}" ]; then
+    if [ -n "${ZBX_VAULTDBPATH}" ] && [ -n "${ZBX_VAULTURL}" ]; then
+        update_config_var $ZBX_CONFIG "Vault" "${ZBX_VAULT}"
         update_config_var $ZBX_CONFIG "VaultDBPath" "${ZBX_VAULTDBPATH}"
+        update_config_var $ZBX_CONFIG "VaultTLSCertFile" "${ZBX_VAULTTLSCERTFILE}"
+        update_config_var $ZBX_CONFIG "VaultTLSKeyFile" "${ZBX_VAULTTLSKEYFILE}"
         update_config_var $ZBX_CONFIG "VaultURL" "${ZBX_VAULTURL}"
         update_config_var $ZBX_CONFIG "DBUser"
         update_config_var $ZBX_CONFIG "DBPassword"
     else
+        update_config_var $ZBX_CONFIG "Vault"
         update_config_var $ZBX_CONFIG "VaultDBPath"
+        update_config_var $ZBX_CONFIG "VaultTLSCertFile"
+        update_config_var $ZBX_CONFIG "VaultTLSKeyFile"
         update_config_var $ZBX_CONFIG "VaultURL"
         update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}"
         update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}"
diff --git a/Dockerfiles/server-pgsql/centos/docker-entrypoint.sh b/Dockerfiles/server-pgsql/centos/docker-entrypoint.sh
index e5b50be9e..e354cbb72 100755
--- a/Dockerfiles/server-pgsql/centos/docker-entrypoint.sh
+++ b/Dockerfiles/server-pgsql/centos/docker-entrypoint.sh
@@ -391,13 +391,19 @@ update_zbx_config() {
     update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}"
     update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}"
 
-    if [ -n "${VAULT_TOKEN}" ] && [ -n "${ZBX_VAULTURL}" ]; then
+    if [ -n "${ZBX_VAULTDBPATH}" ] && [ -n "${ZBX_VAULTURL}" ]; then
+        update_config_var $ZBX_CONFIG "Vault" "${ZBX_VAULT}"
         update_config_var $ZBX_CONFIG "VaultDBPath" "${ZBX_VAULTDBPATH}"
+        update_config_var $ZBX_CONFIG "VaultTLSCertFile" "${ZBX_VAULTTLSCERTFILE}"
+        update_config_var $ZBX_CONFIG "VaultTLSKeyFile" "${ZBX_VAULTTLSKEYFILE}"
         update_config_var $ZBX_CONFIG "VaultURL" "${ZBX_VAULTURL}"
         update_config_var $ZBX_CONFIG "DBUser"
         update_config_var $ZBX_CONFIG "DBPassword"
     else
+        update_config_var $ZBX_CONFIG "Vault"
         update_config_var $ZBX_CONFIG "VaultDBPath"
+        update_config_var $ZBX_CONFIG "VaultTLSCertFile"
+        update_config_var $ZBX_CONFIG "VaultTLSKeyFile"
         update_config_var $ZBX_CONFIG "VaultURL"
         update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}"
         update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}"
diff --git a/Dockerfiles/server-pgsql/ol/docker-entrypoint.sh b/Dockerfiles/server-pgsql/ol/docker-entrypoint.sh
index e5b50be9e..e354cbb72 100755
--- a/Dockerfiles/server-pgsql/ol/docker-entrypoint.sh
+++ b/Dockerfiles/server-pgsql/ol/docker-entrypoint.sh
@@ -391,13 +391,19 @@ update_zbx_config() {
     update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}"
     update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}"
 
-    if [ -n "${VAULT_TOKEN}" ] && [ -n "${ZBX_VAULTURL}" ]; then
+    if [ -n "${ZBX_VAULTDBPATH}" ] && [ -n "${ZBX_VAULTURL}" ]; then
+        update_config_var $ZBX_CONFIG "Vault" "${ZBX_VAULT}"
         update_config_var $ZBX_CONFIG "VaultDBPath" "${ZBX_VAULTDBPATH}"
+        update_config_var $ZBX_CONFIG "VaultTLSCertFile" "${ZBX_VAULTTLSCERTFILE}"
+        update_config_var $ZBX_CONFIG "VaultTLSKeyFile" "${ZBX_VAULTTLSKEYFILE}"
         update_config_var $ZBX_CONFIG "VaultURL" "${ZBX_VAULTURL}"
         update_config_var $ZBX_CONFIG "DBUser"
         update_config_var $ZBX_CONFIG "DBPassword"
     else
+        update_config_var $ZBX_CONFIG "Vault"
         update_config_var $ZBX_CONFIG "VaultDBPath"
+        update_config_var $ZBX_CONFIG "VaultTLSCertFile"
+        update_config_var $ZBX_CONFIG "VaultTLSKeyFile"
         update_config_var $ZBX_CONFIG "VaultURL"
         update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}"
         update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}"
diff --git a/Dockerfiles/server-pgsql/ubuntu/docker-entrypoint.sh b/Dockerfiles/server-pgsql/ubuntu/docker-entrypoint.sh
index 7ef2db469..684547493 100755
--- a/Dockerfiles/server-pgsql/ubuntu/docker-entrypoint.sh
+++ b/Dockerfiles/server-pgsql/ubuntu/docker-entrypoint.sh
@@ -391,13 +391,19 @@ update_zbx_config() {
     update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}"
     update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}"
 
-    if [ -n "${VAULT_TOKEN}" ] && [ -n "${ZBX_VAULTURL}" ]; then
+    if [ -n "${ZBX_VAULTDBPATH}" ] && [ -n "${ZBX_VAULTURL}" ]; then
+        update_config_var $ZBX_CONFIG "Vault" "${ZBX_VAULT}"
         update_config_var $ZBX_CONFIG "VaultDBPath" "${ZBX_VAULTDBPATH}"
+        update_config_var $ZBX_CONFIG "VaultTLSCertFile" "${ZBX_VAULTTLSCERTFILE}"
+        update_config_var $ZBX_CONFIG "VaultTLSKeyFile" "${ZBX_VAULTTLSKEYFILE}"
         update_config_var $ZBX_CONFIG "VaultURL" "${ZBX_VAULTURL}"
         update_config_var $ZBX_CONFIG "DBUser"
         update_config_var $ZBX_CONFIG "DBPassword"
     else
+        update_config_var $ZBX_CONFIG "Vault"
         update_config_var $ZBX_CONFIG "VaultDBPath"
+        update_config_var $ZBX_CONFIG "VaultTLSCertFile"
+        update_config_var $ZBX_CONFIG "VaultTLSKeyFile"
         update_config_var $ZBX_CONFIG "VaultURL"
         update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}"
         update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}"
diff --git a/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php
index efa8ac849..f664ef2a4 100644
--- a/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php
+++ b/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php
@@ -27,9 +27,14 @@ $DB['VERIFY_HOST']		= getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
 $DB['CIPHER_LIST']		= getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
 
 // Vault configuration. Used if database credentials are stored in Vault secrets manager.
+$DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']		= getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']		= getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']		= getenv('VAULT_TOKEN');
+$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+
+$DB['VAULT_CACHE']		= getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
 // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
 // This option is enabled by default for new Zabbix installations.
diff --git a/Dockerfiles/web-apache-mysql/alpine/docker-entrypoint.sh b/Dockerfiles/web-apache-mysql/alpine/docker-entrypoint.sh
index f1eb0e8fc..28a4ebb74 100755
--- a/Dockerfiles/web-apache-mysql/alpine/docker-entrypoint.sh
+++ b/Dockerfiles/web-apache-mysql/alpine/docker-entrypoint.sh
@@ -173,9 +173,12 @@ prepare_zbx_web_config() {
     : ${ZBX_DB_VERIFY_HOST:="false"}
     export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST,,}
 
+    export ZBX_VAULT=${ZBX_VAULT}
     export ZBX_VAULTURL=${ZBX_VAULTURL}
     export ZBX_VAULTDBPATH=${ZBX_VAULTDBPATH}
     export VAULT_TOKEN=${VAULT_TOKEN}
+    export ZBX_VAULTCERTFILE=${ZBX_VAULTCERTFILE}
+    export ZBX_VAULTKEYFILE=${ZBX_VAULTKEYFILE}
 
     : ${DB_DOUBLE_IEEE754:="true"}
     export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,}
diff --git a/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php
index efa8ac849..f664ef2a4 100644
--- a/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php
+++ b/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php
@@ -27,9 +27,14 @@ $DB['VERIFY_HOST']		= getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
 $DB['CIPHER_LIST']		= getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
 
 // Vault configuration. Used if database credentials are stored in Vault secrets manager.
+$DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']		= getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']		= getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']		= getenv('VAULT_TOKEN');
+$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+
+$DB['VAULT_CACHE']		= getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
 // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
 // This option is enabled by default for new Zabbix installations.
diff --git a/Dockerfiles/web-apache-mysql/centos/docker-entrypoint.sh b/Dockerfiles/web-apache-mysql/centos/docker-entrypoint.sh
index 924618b44..59ed2fe38 100755
--- a/Dockerfiles/web-apache-mysql/centos/docker-entrypoint.sh
+++ b/Dockerfiles/web-apache-mysql/centos/docker-entrypoint.sh
@@ -189,9 +189,12 @@ prepare_zbx_web_config() {
     : ${ZBX_DB_VERIFY_HOST:="false"}
     export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST,,}
 
+    export ZBX_VAULT=${ZBX_VAULT}
     export ZBX_VAULTURL=${ZBX_VAULTURL}
     export ZBX_VAULTDBPATH=${ZBX_VAULTDBPATH}
     export VAULT_TOKEN=${VAULT_TOKEN}
+    export ZBX_VAULTCERTFILE=${ZBX_VAULTCERTFILE}
+    export ZBX_VAULTKEYFILE=${ZBX_VAULTKEYFILE}
 
     : ${DB_DOUBLE_IEEE754:="true"}
     export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,}
diff --git a/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php
index efa8ac849..f664ef2a4 100644
--- a/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php
+++ b/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php
@@ -27,9 +27,14 @@ $DB['VERIFY_HOST']		= getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
 $DB['CIPHER_LIST']		= getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
 
 // Vault configuration. Used if database credentials are stored in Vault secrets manager.
+$DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']		= getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']		= getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']		= getenv('VAULT_TOKEN');
+$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+
+$DB['VAULT_CACHE']		= getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
 // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
 // This option is enabled by default for new Zabbix installations.
diff --git a/Dockerfiles/web-apache-mysql/ol/docker-entrypoint.sh b/Dockerfiles/web-apache-mysql/ol/docker-entrypoint.sh
index 924618b44..59ed2fe38 100755
--- a/Dockerfiles/web-apache-mysql/ol/docker-entrypoint.sh
+++ b/Dockerfiles/web-apache-mysql/ol/docker-entrypoint.sh
@@ -189,9 +189,12 @@ prepare_zbx_web_config() {
     : ${ZBX_DB_VERIFY_HOST:="false"}
     export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST,,}
 
+    export ZBX_VAULT=${ZBX_VAULT}
     export ZBX_VAULTURL=${ZBX_VAULTURL}
     export ZBX_VAULTDBPATH=${ZBX_VAULTDBPATH}
     export VAULT_TOKEN=${VAULT_TOKEN}
+    export ZBX_VAULTCERTFILE=${ZBX_VAULTCERTFILE}
+    export ZBX_VAULTKEYFILE=${ZBX_VAULTKEYFILE}
 
     : ${DB_DOUBLE_IEEE754:="true"}
     export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,}
diff --git a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php
index efa8ac849..f664ef2a4 100644
--- a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php
+++ b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php
@@ -27,9 +27,14 @@ $DB['VERIFY_HOST']		= getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
 $DB['CIPHER_LIST']		= getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
 
 // Vault configuration. Used if database credentials are stored in Vault secrets manager.
+$DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']		= getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']		= getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']		= getenv('VAULT_TOKEN');
+$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+
+$DB['VAULT_CACHE']		= getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
 // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
 // This option is enabled by default for new Zabbix installations.
diff --git a/Dockerfiles/web-apache-mysql/ubuntu/docker-entrypoint.sh b/Dockerfiles/web-apache-mysql/ubuntu/docker-entrypoint.sh
index 3c7aa8f5d..3b7607fde 100755
--- a/Dockerfiles/web-apache-mysql/ubuntu/docker-entrypoint.sh
+++ b/Dockerfiles/web-apache-mysql/ubuntu/docker-entrypoint.sh
@@ -173,9 +173,12 @@ prepare_zbx_web_config() {
     : ${ZBX_DB_VERIFY_HOST:="false"}
     export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST,,}
 
+    export ZBX_VAULT=${ZBX_VAULT}
     export ZBX_VAULTURL=${ZBX_VAULTURL}
     export ZBX_VAULTDBPATH=${ZBX_VAULTDBPATH}
     export VAULT_TOKEN=${VAULT_TOKEN}
+    export ZBX_VAULTCERTFILE=${ZBX_VAULTCERTFILE}
+    export ZBX_VAULTKEYFILE=${ZBX_VAULTKEYFILE}
 
     : ${DB_DOUBLE_IEEE754:="true"}
     export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,}
diff --git a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php
index efa8ac849..f664ef2a4 100644
--- a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php
+++ b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php
@@ -27,9 +27,14 @@ $DB['VERIFY_HOST']		= getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
 $DB['CIPHER_LIST']		= getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
 
 // Vault configuration. Used if database credentials are stored in Vault secrets manager.
+$DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']		= getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']		= getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']		= getenv('VAULT_TOKEN');
+$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+
+$DB['VAULT_CACHE']		= getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
 // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
 // This option is enabled by default for new Zabbix installations.
diff --git a/Dockerfiles/web-apache-pgsql/alpine/docker-entrypoint.sh b/Dockerfiles/web-apache-pgsql/alpine/docker-entrypoint.sh
index 23fd41220..26e748c62 100755
--- a/Dockerfiles/web-apache-pgsql/alpine/docker-entrypoint.sh
+++ b/Dockerfiles/web-apache-pgsql/alpine/docker-entrypoint.sh
@@ -173,9 +173,12 @@ prepare_zbx_web_config() {
     : ${ZBX_DB_VERIFY_HOST:="false"}
     export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST,,}
 
+    export ZBX_VAULT=${ZBX_VAULT}
     export ZBX_VAULTURL=${ZBX_VAULTURL}
     export ZBX_VAULTDBPATH=${ZBX_VAULTDBPATH}
     export VAULT_TOKEN=${VAULT_TOKEN}
+    export ZBX_VAULTCERTFILE=${ZBX_VAULTCERTFILE}
+    export ZBX_VAULTKEYFILE=${ZBX_VAULTKEYFILE}
 
     : ${DB_DOUBLE_IEEE754:="true"}
     export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,}
diff --git a/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php
index efa8ac849..f664ef2a4 100644
--- a/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php
+++ b/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php
@@ -27,9 +27,14 @@ $DB['VERIFY_HOST']		= getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
 $DB['CIPHER_LIST']		= getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
 
 // Vault configuration. Used if database credentials are stored in Vault secrets manager.
+$DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']		= getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']		= getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']		= getenv('VAULT_TOKEN');
+$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+
+$DB['VAULT_CACHE']		= getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
 // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
 // This option is enabled by default for new Zabbix installations.
diff --git a/Dockerfiles/web-apache-pgsql/centos/docker-entrypoint.sh b/Dockerfiles/web-apache-pgsql/centos/docker-entrypoint.sh
index e6f98bdcb..1e245e9c4 100755
--- a/Dockerfiles/web-apache-pgsql/centos/docker-entrypoint.sh
+++ b/Dockerfiles/web-apache-pgsql/centos/docker-entrypoint.sh
@@ -189,9 +189,12 @@ prepare_zbx_web_config() {
     : ${ZBX_DB_VERIFY_HOST:="false"}
     export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST,,}
 
+    export ZBX_VAULT=${ZBX_VAULT}
     export ZBX_VAULTURL=${ZBX_VAULTURL}
     export ZBX_VAULTDBPATH=${ZBX_VAULTDBPATH}
     export VAULT_TOKEN=${VAULT_TOKEN}
+    export ZBX_VAULTCERTFILE=${ZBX_VAULTCERTFILE}
+    export ZBX_VAULTKEYFILE=${ZBX_VAULTKEYFILE}
 
     : ${DB_DOUBLE_IEEE754:="true"}
     export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,}
diff --git a/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php
index efa8ac849..f664ef2a4 100644
--- a/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php
+++ b/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php
@@ -27,9 +27,14 @@ $DB['VERIFY_HOST']		= getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
 $DB['CIPHER_LIST']		= getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
 
 // Vault configuration. Used if database credentials are stored in Vault secrets manager.
+$DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']		= getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']		= getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']		= getenv('VAULT_TOKEN');
+$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+
+$DB['VAULT_CACHE']		= getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
 // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
 // This option is enabled by default for new Zabbix installations.
diff --git a/Dockerfiles/web-apache-pgsql/ol/docker-entrypoint.sh b/Dockerfiles/web-apache-pgsql/ol/docker-entrypoint.sh
index e6f98bdcb..1e245e9c4 100755
--- a/Dockerfiles/web-apache-pgsql/ol/docker-entrypoint.sh
+++ b/Dockerfiles/web-apache-pgsql/ol/docker-entrypoint.sh
@@ -189,9 +189,12 @@ prepare_zbx_web_config() {
     : ${ZBX_DB_VERIFY_HOST:="false"}
     export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST,,}
 
+    export ZBX_VAULT=${ZBX_VAULT}
     export ZBX_VAULTURL=${ZBX_VAULTURL}
     export ZBX_VAULTDBPATH=${ZBX_VAULTDBPATH}
     export VAULT_TOKEN=${VAULT_TOKEN}
+    export ZBX_VAULTCERTFILE=${ZBX_VAULTCERTFILE}
+    export ZBX_VAULTKEYFILE=${ZBX_VAULTKEYFILE}
 
     : ${DB_DOUBLE_IEEE754:="true"}
     export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,}
diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php
index efa8ac849..f664ef2a4 100644
--- a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php
+++ b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php
@@ -27,9 +27,14 @@ $DB['VERIFY_HOST']		= getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
 $DB['CIPHER_LIST']		= getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
 
 // Vault configuration. Used if database credentials are stored in Vault secrets manager.
+$DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']		= getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']		= getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']		= getenv('VAULT_TOKEN');
+$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+
+$DB['VAULT_CACHE']		= getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
 // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
 // This option is enabled by default for new Zabbix installations.
diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/docker-entrypoint.sh b/Dockerfiles/web-apache-pgsql/ubuntu/docker-entrypoint.sh
index 47b6365f9..5c01ca4b3 100755
--- a/Dockerfiles/web-apache-pgsql/ubuntu/docker-entrypoint.sh
+++ b/Dockerfiles/web-apache-pgsql/ubuntu/docker-entrypoint.sh
@@ -177,9 +177,12 @@ prepare_zbx_web_config() {
     : ${ZBX_DB_VERIFY_HOST:="false"}
     export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST,,}
 
+    export ZBX_VAULT=${ZBX_VAULT}
     export ZBX_VAULTURL=${ZBX_VAULTURL}
     export ZBX_VAULTDBPATH=${ZBX_VAULTDBPATH}
     export VAULT_TOKEN=${VAULT_TOKEN}
+    export ZBX_VAULTCERTFILE=${ZBX_VAULTCERTFILE}
+    export ZBX_VAULTKEYFILE=${ZBX_VAULTKEYFILE}
 
     : ${DB_DOUBLE_IEEE754:="true"}
     export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,}
diff --git a/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php
index efa8ac849..f664ef2a4 100644
--- a/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php
+++ b/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php
@@ -27,9 +27,14 @@ $DB['VERIFY_HOST']		= getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
 $DB['CIPHER_LIST']		= getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
 
 // Vault configuration. Used if database credentials are stored in Vault secrets manager.
+$DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']		= getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']		= getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']		= getenv('VAULT_TOKEN');
+$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+
+$DB['VAULT_CACHE']		= getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
 // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
 // This option is enabled by default for new Zabbix installations.
diff --git a/Dockerfiles/web-nginx-mysql/alpine/docker-entrypoint.sh b/Dockerfiles/web-nginx-mysql/alpine/docker-entrypoint.sh
index 774736d25..f9615d67d 100755
--- a/Dockerfiles/web-nginx-mysql/alpine/docker-entrypoint.sh
+++ b/Dockerfiles/web-nginx-mysql/alpine/docker-entrypoint.sh
@@ -195,9 +195,12 @@ prepare_zbx_web_config() {
     : ${ZBX_DB_VERIFY_HOST:="false"}
     export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST,,}
     
+    export ZBX_VAULT=${ZBX_VAULT}
     export ZBX_VAULTURL=${ZBX_VAULTURL}
     export ZBX_VAULTDBPATH=${ZBX_VAULTDBPATH}
     export VAULT_TOKEN=${VAULT_TOKEN}
+    export ZBX_VAULTCERTFILE=${ZBX_VAULTCERTFILE}
+    export ZBX_VAULTKEYFILE=${ZBX_VAULTKEYFILE}
     
     : ${DB_DOUBLE_IEEE754:="true"}
     export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,}
diff --git a/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php
index efa8ac849..f664ef2a4 100644
--- a/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php
+++ b/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php
@@ -27,9 +27,14 @@ $DB['VERIFY_HOST']		= getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
 $DB['CIPHER_LIST']		= getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
 
 // Vault configuration. Used if database credentials are stored in Vault secrets manager.
+$DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']		= getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']		= getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']		= getenv('VAULT_TOKEN');
+$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+
+$DB['VAULT_CACHE']		= getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
 // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
 // This option is enabled by default for new Zabbix installations.
diff --git a/Dockerfiles/web-nginx-mysql/centos/docker-entrypoint.sh b/Dockerfiles/web-nginx-mysql/centos/docker-entrypoint.sh
index 0b1b6420a..788283c9c 100755
--- a/Dockerfiles/web-nginx-mysql/centos/docker-entrypoint.sh
+++ b/Dockerfiles/web-nginx-mysql/centos/docker-entrypoint.sh
@@ -195,9 +195,12 @@ prepare_zbx_web_config() {
     : ${ZBX_DB_VERIFY_HOST:="false"}
     export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST,,}
 
+    export ZBX_VAULT=${ZBX_VAULT}
     export ZBX_VAULTURL=${ZBX_VAULTURL}
     export ZBX_VAULTDBPATH=${ZBX_VAULTDBPATH}
     export VAULT_TOKEN=${VAULT_TOKEN}
+    export ZBX_VAULTCERTFILE=${ZBX_VAULTCERTFILE}
+    export ZBX_VAULTKEYFILE=${ZBX_VAULTKEYFILE}
 
     : ${DB_DOUBLE_IEEE754:="true"}
     export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,}
diff --git a/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php
index efa8ac849..f664ef2a4 100644
--- a/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php
+++ b/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php
@@ -27,9 +27,14 @@ $DB['VERIFY_HOST']		= getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
 $DB['CIPHER_LIST']		= getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
 
 // Vault configuration. Used if database credentials are stored in Vault secrets manager.
+$DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']		= getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']		= getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']		= getenv('VAULT_TOKEN');
+$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+
+$DB['VAULT_CACHE']		= getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
 // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
 // This option is enabled by default for new Zabbix installations.
diff --git a/Dockerfiles/web-nginx-mysql/ol/docker-entrypoint.sh b/Dockerfiles/web-nginx-mysql/ol/docker-entrypoint.sh
index 0b1b6420a..788283c9c 100755
--- a/Dockerfiles/web-nginx-mysql/ol/docker-entrypoint.sh
+++ b/Dockerfiles/web-nginx-mysql/ol/docker-entrypoint.sh
@@ -195,9 +195,12 @@ prepare_zbx_web_config() {
     : ${ZBX_DB_VERIFY_HOST:="false"}
     export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST,,}
 
+    export ZBX_VAULT=${ZBX_VAULT}
     export ZBX_VAULTURL=${ZBX_VAULTURL}
     export ZBX_VAULTDBPATH=${ZBX_VAULTDBPATH}
     export VAULT_TOKEN=${VAULT_TOKEN}
+    export ZBX_VAULTCERTFILE=${ZBX_VAULTCERTFILE}
+    export ZBX_VAULTKEYFILE=${ZBX_VAULTKEYFILE}
 
     : ${DB_DOUBLE_IEEE754:="true"}
     export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,}
diff --git a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php
index efa8ac849..f664ef2a4 100644
--- a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php
+++ b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php
@@ -27,9 +27,14 @@ $DB['VERIFY_HOST']		= getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
 $DB['CIPHER_LIST']		= getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
 
 // Vault configuration. Used if database credentials are stored in Vault secrets manager.
+$DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']		= getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']		= getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']		= getenv('VAULT_TOKEN');
+$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+
+$DB['VAULT_CACHE']		= getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
 // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
 // This option is enabled by default for new Zabbix installations.
diff --git a/Dockerfiles/web-nginx-mysql/rhel/docker-entrypoint.sh b/Dockerfiles/web-nginx-mysql/rhel/docker-entrypoint.sh
index 4e379215f..7baf4ec2b 100755
--- a/Dockerfiles/web-nginx-mysql/rhel/docker-entrypoint.sh
+++ b/Dockerfiles/web-nginx-mysql/rhel/docker-entrypoint.sh
@@ -195,9 +195,12 @@ prepare_zbx_web_config() {
     : ${ZBX_DB_VERIFY_HOST:="false"}
     export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST,,}
 
+    export ZBX_VAULT=${ZBX_VAULT}
     export ZBX_VAULTURL=${ZBX_VAULTURL}
     export ZBX_VAULTDBPATH=${ZBX_VAULTDBPATH}
     export VAULT_TOKEN=${VAULT_TOKEN}
+    export ZBX_VAULTCERTFILE=${ZBX_VAULTCERTFILE}
+    export ZBX_VAULTKEYFILE=${ZBX_VAULTKEYFILE}
 
     : ${DB_DOUBLE_IEEE754:="true"}
     export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,}
diff --git a/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php
index efa8ac849..f664ef2a4 100644
--- a/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php
+++ b/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php
@@ -27,9 +27,14 @@ $DB['VERIFY_HOST']		= getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
 $DB['CIPHER_LIST']		= getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
 
 // Vault configuration. Used if database credentials are stored in Vault secrets manager.
+$DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']		= getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']		= getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']		= getenv('VAULT_TOKEN');
+$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+
+$DB['VAULT_CACHE']		= getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
 // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
 // This option is enabled by default for new Zabbix installations.
diff --git a/Dockerfiles/web-nginx-mysql/ubuntu/docker-entrypoint.sh b/Dockerfiles/web-nginx-mysql/ubuntu/docker-entrypoint.sh
index 32bd1a225..6c4033503 100755
--- a/Dockerfiles/web-nginx-mysql/ubuntu/docker-entrypoint.sh
+++ b/Dockerfiles/web-nginx-mysql/ubuntu/docker-entrypoint.sh
@@ -195,9 +195,12 @@ prepare_zbx_web_config() {
     : ${ZBX_DB_VERIFY_HOST:="false"}
     export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST,,}
 
+    export ZBX_VAULT=${ZBX_VAULT}
     export ZBX_VAULTURL=${ZBX_VAULTURL}
     export ZBX_VAULTDBPATH=${ZBX_VAULTDBPATH}
     export VAULT_TOKEN=${VAULT_TOKEN}
+    export ZBX_VAULTCERTFILE=${ZBX_VAULTCERTFILE}
+    export ZBX_VAULTKEYFILE=${ZBX_VAULTKEYFILE}
 
     : ${DB_DOUBLE_IEEE754:="true"}
     export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,}
diff --git a/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php
index efa8ac849..f664ef2a4 100644
--- a/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php
+++ b/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php
@@ -27,9 +27,14 @@ $DB['VERIFY_HOST']		= getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
 $DB['CIPHER_LIST']		= getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
 
 // Vault configuration. Used if database credentials are stored in Vault secrets manager.
+$DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']		= getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']		= getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']		= getenv('VAULT_TOKEN');
+$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+
+$DB['VAULT_CACHE']		= getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
 // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
 // This option is enabled by default for new Zabbix installations.
diff --git a/Dockerfiles/web-nginx-pgsql/alpine/docker-entrypoint.sh b/Dockerfiles/web-nginx-pgsql/alpine/docker-entrypoint.sh
index b7861f03d..0261857d9 100755
--- a/Dockerfiles/web-nginx-pgsql/alpine/docker-entrypoint.sh
+++ b/Dockerfiles/web-nginx-pgsql/alpine/docker-entrypoint.sh
@@ -195,9 +195,12 @@ prepare_zbx_web_config() {
     : ${ZBX_DB_VERIFY_HOST:="false"}
     export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST,,}
 
+    export ZBX_VAULT=${ZBX_VAULT}
     export ZBX_VAULTURL=${ZBX_VAULTURL}
     export ZBX_VAULTDBPATH=${ZBX_VAULTDBPATH}
     export VAULT_TOKEN=${VAULT_TOKEN}
+    export ZBX_VAULTCERTFILE=${ZBX_VAULTCERTFILE}
+    export ZBX_VAULTKEYFILE=${ZBX_VAULTKEYFILE}
 
     : ${DB_DOUBLE_IEEE754:="true"}
     export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,}
diff --git a/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php
index efa8ac849..f664ef2a4 100644
--- a/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php
+++ b/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php
@@ -27,9 +27,14 @@ $DB['VERIFY_HOST']		= getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
 $DB['CIPHER_LIST']		= getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
 
 // Vault configuration. Used if database credentials are stored in Vault secrets manager.
+$DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']		= getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']		= getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']		= getenv('VAULT_TOKEN');
+$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+
+$DB['VAULT_CACHE']		= getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
 // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
 // This option is enabled by default for new Zabbix installations.
diff --git a/Dockerfiles/web-nginx-pgsql/centos/docker-entrypoint.sh b/Dockerfiles/web-nginx-pgsql/centos/docker-entrypoint.sh
index f9b620a95..2be862b4b 100755
--- a/Dockerfiles/web-nginx-pgsql/centos/docker-entrypoint.sh
+++ b/Dockerfiles/web-nginx-pgsql/centos/docker-entrypoint.sh
@@ -195,9 +195,12 @@ prepare_zbx_web_config() {
     : ${ZBX_DB_VERIFY_HOST:="false"}
     export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST,,}
 
+    export ZBX_VAULT=${ZBX_VAULT}
     export ZBX_VAULTURL=${ZBX_VAULTURL}
     export ZBX_VAULTDBPATH=${ZBX_VAULTDBPATH}
     export VAULT_TOKEN=${VAULT_TOKEN}
+    export ZBX_VAULTCERTFILE=${ZBX_VAULTCERTFILE}
+    export ZBX_VAULTKEYFILE=${ZBX_VAULTKEYFILE}
 
     : ${DB_DOUBLE_IEEE754:="true"}
     export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,}
diff --git a/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php
index efa8ac849..f664ef2a4 100644
--- a/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php
+++ b/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php
@@ -27,9 +27,14 @@ $DB['VERIFY_HOST']		= getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
 $DB['CIPHER_LIST']		= getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
 
 // Vault configuration. Used if database credentials are stored in Vault secrets manager.
+$DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']		= getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']		= getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']		= getenv('VAULT_TOKEN');
+$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+
+$DB['VAULT_CACHE']		= getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
 // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
 // This option is enabled by default for new Zabbix installations.
diff --git a/Dockerfiles/web-nginx-pgsql/ol/docker-entrypoint.sh b/Dockerfiles/web-nginx-pgsql/ol/docker-entrypoint.sh
index f9b620a95..2be862b4b 100755
--- a/Dockerfiles/web-nginx-pgsql/ol/docker-entrypoint.sh
+++ b/Dockerfiles/web-nginx-pgsql/ol/docker-entrypoint.sh
@@ -195,9 +195,12 @@ prepare_zbx_web_config() {
     : ${ZBX_DB_VERIFY_HOST:="false"}
     export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST,,}
 
+    export ZBX_VAULT=${ZBX_VAULT}
     export ZBX_VAULTURL=${ZBX_VAULTURL}
     export ZBX_VAULTDBPATH=${ZBX_VAULTDBPATH}
     export VAULT_TOKEN=${VAULT_TOKEN}
+    export ZBX_VAULTCERTFILE=${ZBX_VAULTCERTFILE}
+    export ZBX_VAULTKEYFILE=${ZBX_VAULTKEYFILE}
 
     : ${DB_DOUBLE_IEEE754:="true"}
     export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,}
diff --git a/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php
index efa8ac849..f664ef2a4 100644
--- a/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php
+++ b/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php
@@ -27,9 +27,14 @@ $DB['VERIFY_HOST']		= getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
 $DB['CIPHER_LIST']		= getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
 
 // Vault configuration. Used if database credentials are stored in Vault secrets manager.
+$DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']		= getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']		= getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']		= getenv('VAULT_TOKEN');
+$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+
+$DB['VAULT_CACHE']		= getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
 // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
 // This option is enabled by default for new Zabbix installations.
diff --git a/Dockerfiles/web-nginx-pgsql/ubuntu/docker-entrypoint.sh b/Dockerfiles/web-nginx-pgsql/ubuntu/docker-entrypoint.sh
index 593cb3158..f559b2091 100755
--- a/Dockerfiles/web-nginx-pgsql/ubuntu/docker-entrypoint.sh
+++ b/Dockerfiles/web-nginx-pgsql/ubuntu/docker-entrypoint.sh
@@ -195,9 +195,12 @@ prepare_zbx_web_config() {
     : ${ZBX_DB_VERIFY_HOST:="false"}
     export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST,,}
 
+    export ZBX_VAULT=${ZBX_VAULT}
     export ZBX_VAULTURL=${ZBX_VAULTURL}
     export ZBX_VAULTDBPATH=${ZBX_VAULTDBPATH}
     export VAULT_TOKEN=${VAULT_TOKEN}
+    export ZBX_VAULTCERTFILE=${ZBX_VAULTCERTFILE}
+    export ZBX_VAULTKEYFILE=${ZBX_VAULTKEYFILE}
 
     : ${DB_DOUBLE_IEEE754:="true"}
     export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,}
diff --git a/env_vars/.env_prx b/env_vars/.env_prx
index 5447cf2d4..4ce9d41ca 100644
--- a/env_vars/.env_prx
+++ b/env_vars/.env_prx
@@ -61,6 +61,9 @@
 # ZBX_TLSKEYFILE=
 # ZBX_TLSPSKIDENTITY=
 # ZBX_TLSPSKFILE=
+# ZBX_VAULT=HashiCorp # Available since 6.2.0
 # ZBX_VAULTDBPATH=
+# ZBX_VAULTTLSCERTFILE= # Available since 6.2.0
+# ZBX_VAULTTLSKEYFILE= # Available since 6.2.0
 # ZBX_VAULTURL=https://127.0.0.1:8200
 # VAULT_TOKEN=
diff --git a/env_vars/.env_srv b/env_vars/.env_srv
index 39dd5e70c..7e0d0665d 100644
--- a/env_vars/.env_srv
+++ b/env_vars/.env_srv
@@ -67,7 +67,10 @@ ZBX_ENABLE_SNMP_TRAPS=true
 # ZBX_TLSCRLFILE=
 # ZBX_TLSCERTFILE=
 # ZBX_TLSKEYFILE=
+# ZBX_VAULT=HashiCorp # Available since 6.2.0
 # ZBX_VAULTDBPATH=
+# ZBX_VAULTTLSCERTFILE= # Available since 6.2.0
+# ZBX_VAULTTLSKEYFILE= # Available since 6.2.0
 # ZBX_VAULTURL=https://127.0.0.1:8200
 # VAULT_TOKEN=
 # ZBX_STARTREPORTWRITERS=0
diff --git a/env_vars/.env_web b/env_vars/.env_web
index fc0acde0f..e52884359 100644
--- a/env_vars/.env_web
+++ b/env_vars/.env_web
@@ -7,9 +7,13 @@ ZBX_SERVER_NAME=Composed installation
 # ZBX_DB_CA_FILE=/run/secrets/root-ca.pem # Available since 5.0.0
 # ZBX_DB_VERIFY_HOST=false # Available since 5.0.0
 # ZBX_DB_CIPHER_LIST= # Available since 5.0.0
+# ZBX_VAULT= # Available since 6.2.0
 # ZBX_VAULTDBPATH=
 # ZBX_VAULTURL=https://127.0.0.1:8200
 # VAULT_TOKEN=
+# ZBX_VAULTCERTFILE= # Available since 6.2.0
+# ZBX_VAULTKEYFILE= # Available since 6.2.0
+# ZBX_VAULTCACHE=false # Available since 6.2.0
 # ZBX_HISTORYSTORAGEURL=http://elasticsearch:9200/ # Available since 3.4.5
 # ZBX_HISTORYSTORAGETYPES=['uint', 'dbl', 'str', 'text', 'log'] # Available since 3.4.5
 # ZBX_SSO_SETTINGS=[] # Available since 5.0.0