####### TLS-RELATED PARAMETERS #######

### Option: Vault
#	Specifies vault:
#		HashiCorp - HashiCorp KV Secrets Engine - Version 2
#		CyberArk  - CyberArk Central Credential Provider
#
# Mandatory: no
# Default:
# Vault=HashiCorp

Vault=${ZBX_VAULT}

### Option: VaultToken
#	Vault authentication token that should have been generated exclusively for Zabbix server with read only permission
#	to paths specified in Vault macros and read only permission to path specified in optional VaultDBPath
#	configuration parameter.
#	It is an error if VaultToken and VAULT_TOKEN environment variable are defined at the same time.
#
# Mandatory: no
#	(yes, if Vault is explicitly set to HashiCorp)
# Default:
# VaultToken=

### Option: VaultURL
#	Vault server HTTP[S] URL. System-wide CA certificates directory will be used if SSLCALocation is not specified.
#
# Mandatory: no
# Default:
# VaultURL=https://127.0.0.1:8200

VaultURL=${ZBX_VAULTURL}

### Option: VaultPrefix
#	Custom prefix for Vault path or query depending on the Vault.
#	Most suitable defaults will be used if not specified.
#	Note that 'data' is automatically appended after mountpoint for HashiCorp if VaultPrefix is not specified.
#	Example prefix for HashiCorp:
#		/v1/secret/data/zabbix/
#	Example prefix for CyberArk:
#		/AIMWebService/api/Accounts?
# Mandatory: no
# Default:
# VaultPrefix=

VaultPrefix=${ZBX_VAULTPREFIX}

### Option: VaultDBPath
#	Vault path or query depending on the Vault from where credentials for database will be retrieved by keys.
#	Keys used for HashiCorp are 'password' and 'username'.
#		Example path with VaultPrefix=/v1/secret/data/zabbix/:
#		database
#		Example path without VaultPrefix:
#			secret/zabbix/database
#	Keys used for CyberArk are 'Content' and 'UserName'.
#	Example query:
#			AppID=zabbix_server&Query=Safe=passwordSafe;Object=zabbix_server_database
#	This option can only be used if DBUser and DBPassword are not specified.
#
# Mandatory: no
# Default:
# VaultDBPath=

VaultDBPath=${ZBX_VAULTDBPATH}

### Option: VaultTLSCertFile
#	Name of the SSL certificate file used for client authentication. The certificate file must be in PEM1 format.
#	If the certificate file contains also the private key, leave the SSL key file field empty. The directory
#	containing this file is specified by configuration parameter SSLCertLocation.
#
# Mandatory: no
# Default:
# VaultTLSCertFile=

VaultTLSCertFile=${ZBX_VAULTTLSCERTFILE}

### Option: VaultTLSKeyFile
#	Name of the SSL private key file used for client authentication. The private key file must be in PEM1 format.
#	The directory containing this file is specified by configuration parameter SSLKeyLocation.
#
# Mandatory: no
# Default:
# VaultTLSKeyFile=

VaultTLSKeyFile=${ZBX_VAULTTLSKEYFILE}