Update utils.go to look more like Gitleaks version

Revert "Revert "feat(helm-charts/infiscal-core): topologySpreadConstraints support""

backend/src/db/instance.ts

@@ -110,7 +110,8 @@ export const initAuditLogDbConnection = ({
     },
     migrations: {
       tableName: "infisical_migrations"
-    }
+    },
+    pool: { min: 0, max: 10 }
   });
 
   // we add these overrides so that auditLogDb and the primary DB are interchangeable

backend/src/db/migrations/20250630212553_user-latest-invite.ts

@@ -0,0 +1,21 @@
+import { Knex } from "knex";
+
+import { TableName } from "../schemas";
+
+export async function up(knex: Knex): Promise<void> {
+  const hasColumn = await knex.schema.hasColumn(TableName.OrgMembership, "lastInvitedAt");
+  await knex.schema.alterTable(TableName.OrgMembership, (t) => {
+    if (!hasColumn) {
+      t.datetime("lastInvitedAt").nullable();
+    }
+  });
+}
+
+export async function down(knex: Knex): Promise<void> {
+  const hasColumn = await knex.schema.hasColumn(TableName.OrgMembership, "lastInvitedAt");
+  await knex.schema.alterTable(TableName.OrgMembership, (t) => {
+    if (hasColumn) {
+      t.dropColumn("lastInvitedAt");
+    }
+  });
+}

backend/src/db/schemas/org-memberships.ts

@@ -18,7 +18,8 @@ export const OrgMembershipsSchema = z.object({
   orgId: z.string().uuid(),
   roleId: z.string().uuid().nullable().optional(),
   projectFavorites: z.string().array().nullable().optional(),
-  isActive: z.boolean().default(true)
+  isActive: z.boolean().default(true),
+  lastInvitedAt: z.date().nullable().optional()
 });
 
 export type TOrgMemberships = z.infer<typeof OrgMembershipsSchema>;

backend/src/ee/routes/v1/project-router.ts

@@ -111,15 +111,38 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
       params: z.object({
         workspaceId: z.string().trim().describe(AUDIT_LOGS.EXPORT.projectId)
       }),
-      querystring: z.object({
-        eventType: z.nativeEnum(EventType).optional().describe(AUDIT_LOGS.EXPORT.eventType),
-        userAgentType: z.nativeEnum(UserAgentType).optional().describe(AUDIT_LOGS.EXPORT.userAgentType),
-        startDate: z.string().datetime().optional().describe(AUDIT_LOGS.EXPORT.startDate),
-        endDate: z.string().datetime().optional().describe(AUDIT_LOGS.EXPORT.endDate),
-        offset: z.coerce.number().default(0).describe(AUDIT_LOGS.EXPORT.offset),
-        limit: z.coerce.number().default(20).describe(AUDIT_LOGS.EXPORT.limit),
-        actor: z.string().optional().describe(AUDIT_LOGS.EXPORT.actor)
-      }),
+      querystring: z
+        .object({
+          eventType: z.nativeEnum(EventType).optional().describe(AUDIT_LOGS.EXPORT.eventType),
+          userAgentType: z.nativeEnum(UserAgentType).optional().describe(AUDIT_LOGS.EXPORT.userAgentType),
+          startDate: z.string().datetime().optional().describe(AUDIT_LOGS.EXPORT.startDate),
+          endDate: z.string().datetime().optional().describe(AUDIT_LOGS.EXPORT.endDate),
+          offset: z.coerce.number().default(0).describe(AUDIT_LOGS.EXPORT.offset),
+          limit: z.coerce.number().max(1000).default(20).describe(AUDIT_LOGS.EXPORT.limit),
+          actor: z.string().optional().describe(AUDIT_LOGS.EXPORT.actor)
+        })
+        .superRefine((el, ctx) => {
+          if (el.endDate && el.startDate) {
+            const startDate = new Date(el.startDate);
+            const endDate = new Date(el.endDate);
+            const maxAllowedDate = new Date(startDate);
+            maxAllowedDate.setMonth(maxAllowedDate.getMonth() + 3);
+            if (endDate < startDate) {
+              ctx.addIssue({
+                code: z.ZodIssueCode.custom,
+                path: ["endDate"],
+                message: "End date cannot be before start date"
+              });
+            }
+            if (endDate > maxAllowedDate) {
+              ctx.addIssue({
+                code: z.ZodIssueCode.custom,
+                path: ["endDate"],
+                message: "Dates must be within 3 months"
+              });
+            }
+          }
+        }),
       response: {
         200: z.object({
           auditLogs: AuditLogsSchema.omit({
@@ -161,7 +184,7 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
         filter: {
           ...req.query,
           projectId: req.params.workspaceId,
-          endDate: req.query.endDate,
+          endDate: req.query.endDate || new Date().toISOString(),
           startDate: req.query.startDate || getLastMidnightDateISO(),
           auditLogActorId: req.query.actor,
           eventType: req.query.eventType ? [req.query.eventType] : undefined

backend/src/ee/services/audit-log/audit-log-dal.ts

@@ -30,10 +30,10 @@ type TFindQuery = {
   actor?: string;
   projectId?: string;
   environment?: string;
-  orgId?: string;
+  orgId: string;
   eventType?: string;
-  startDate?: string;
-  endDate?: string;
+  startDate: string;
+  endDate: string;
   userAgentType?: string;
   limit?: number;
   offset?: number;
@@ -61,18 +61,15 @@ export const auditLogDALFactory = (db: TDbClient) => {
     },
     tx
   ) => {
-    if (!orgId && !projectId) {
-      throw new Error("Either orgId or projectId must be provided");
-    }
-
     try {
       // Find statements
       const sqlQuery = (tx || db.replicaNode())(TableName.AuditLog)
+        .where(`${TableName.AuditLog}.orgId`, orgId)
+        .whereRaw(`"${TableName.AuditLog}"."createdAt" >= ?::timestamptz`, [startDate])
+        .andWhereRaw(`"${TableName.AuditLog}"."createdAt" < ?::timestamptz`, [endDate])
         // eslint-disable-next-line func-names
         .where(function () {
-          if (orgId) {
-            void this.where(`${TableName.AuditLog}.orgId`, orgId);
-          } else if (projectId) {
+          if (projectId) {
             void this.where(`${TableName.AuditLog}.projectId`, projectId);
           }
         });
@@ -135,14 +132,6 @@ export const auditLogDALFactory = (db: TDbClient) => {
         void sqlQuery.whereIn("eventType", eventType);
       }
 
-      // Filter by date range
-      if (startDate) {
-        void sqlQuery.whereRaw(`"${TableName.AuditLog}"."createdAt" >= ?::timestamptz`, [startDate]);
-      }
-      if (endDate) {
-        void sqlQuery.whereRaw(`"${TableName.AuditLog}"."createdAt" <= ?::timestamptz`, [endDate]);
-      }
-
       // we timeout long running queries to prevent DB resource issues (2 minutes)
       const docs = await sqlQuery.timeout(1000 * 120);
 
@@ -174,6 +163,8 @@ export const auditLogDALFactory = (db: TDbClient) => {
       try {
         const findExpiredLogSubQuery = (tx || db)(TableName.AuditLog)
           .where("expiresAt", "<", today)
+          .where("createdAt", "<", today) // to use audit log partition
+          .orderBy(`${TableName.AuditLog}.createdAt`, "desc")
           .select("id")
           .limit(AUDIT_LOG_PRUNE_BATCH_SIZE);
 

backend/src/ee/services/audit-log/audit-log-service.ts

@@ -67,7 +67,8 @@ export const auditLogServiceFactory = ({
       secretPath: filter.secretPath,
       secretKey: filter.secretKey,
       environment: filter.environment,
-      ...(filter.projectId ? { projectId: filter.projectId } : { orgId: actorOrgId })
+      orgId: actorOrgId,
+      ...(filter.projectId ? { projectId: filter.projectId } : {})
     });
 
     return auditLogs.map(({ eventType: logEventType, actor: eActor, actorMetadata, eventMetadata, ...el }) => ({

backend/src/ee/services/audit-log/audit-log-types.ts

@@ -56,8 +56,8 @@ export type TListProjectAuditLogDTO = {
     eventType?: EventType[];
     offset?: number;
     limit: number;
-    endDate?: string;
-    startDate?: string;
+    endDate: string;
+    startDate: string;
     projectId?: string;
     environment?: string;
     auditLogActorId?: string;

backend/src/ee/services/secret-scanning-v2/secret-scanning-v2-queue.ts

@@ -318,7 +318,7 @@ export const secretScanningV2QueueServiceFactory = async ({
     },
     {
       batchSize: 1,
-      workerCount: 20,
+      workerCount: 2,
       pollingIntervalSeconds: 1
     }
   );
@@ -539,7 +539,7 @@ export const secretScanningV2QueueServiceFactory = async ({
     },
     {
       batchSize: 1,
-      workerCount: 20,
+      workerCount: 2,
       pollingIntervalSeconds: 1
     }
   );
@@ -613,7 +613,7 @@ export const secretScanningV2QueueServiceFactory = async ({
     },
     {
       batchSize: 1,
-      workerCount: 5,
+      workerCount: 2,
       pollingIntervalSeconds: 1
     }
   );

backend/src/lib/api-docs/constants.ts

@@ -2268,6 +2268,10 @@ export const AppConnections = {
       accessToken: "The Access Token used to access GitLab.",
       code: "The OAuth code to use to connect with GitLab.",
       accessTokenType: "The type of token used to connect with GitLab."
+    },
+    ZABBIX: {
+      apiToken: "The API Token used to access Zabbix.",
+      instanceUrl: "The Zabbix instance URL to connect with."
     }
   }
 };
@@ -2457,6 +2461,12 @@ export const SecretSyncs = {
     CLOUDFLARE_PAGES: {
       projectName: "The name of the Cloudflare Pages project to sync secrets to.",
       environment: "The environment of the Cloudflare Pages project to sync secrets to."
+    },
+    ZABBIX: {
+      scope: "The Zabbix scope that secrets should be synced to.",
+      hostId: "The ID of the Zabbix host to sync secrets to.",
+      hostName: "The name of the Zabbix host to sync secrets to.",
+      macroType: "The type of macro to sync secrets to. (0: Text, 1: Secret)"
     }
   }
 };

backend/src/server/routes/index.ts

@@ -1615,7 +1615,8 @@ export const registerRoutes = async (
     secretSharingDAL,
     secretVersionV2DAL: secretVersionV2BridgeDAL,
     identityUniversalAuthClientSecretDAL: identityUaClientSecretDAL,
-    serviceTokenService
+    serviceTokenService,
+    orgService
   });
 
   const dailyExpiringPkiItemAlert = dailyExpiringPkiItemAlertQueueServiceFactory({

backend/src/server/routes/v1/app-connection-routers/app-connection-router.ts

@@ -84,6 +84,7 @@ import {
   SanitizedWindmillConnectionSchema,
   WindmillConnectionListItemSchema
 } from "@app/services/app-connection/windmill";
+import { SanitizedZabbixConnectionSchema, ZabbixConnectionListItemSchema } from "@app/services/app-connection/zabbix";
 import { AuthMode } from "@app/services/auth/auth-type";
 
 // can't use discriminated due to multiple schemas for certain apps
@@ -116,7 +117,8 @@ const SanitizedAppConnectionSchema = z.union([
   ...SanitizedRenderConnectionSchema.options,
   ...SanitizedFlyioConnectionSchema.options,
   ...SanitizedGitLabConnectionSchema.options,
-  ...SanitizedCloudflareConnectionSchema.options
+  ...SanitizedCloudflareConnectionSchema.options,
+  ...SanitizedZabbixConnectionSchema.options
 ]);
 
 const AppConnectionOptionsSchema = z.discriminatedUnion("app", [
@@ -148,7 +150,8 @@ const AppConnectionOptionsSchema = z.discriminatedUnion("app", [
   RenderConnectionListItemSchema,
   FlyioConnectionListItemSchema,
   GitLabConnectionListItemSchema,
-  CloudflareConnectionListItemSchema
+  CloudflareConnectionListItemSchema,
+  ZabbixConnectionListItemSchema
 ]);
 
 export const registerAppConnectionRouter = async (server: FastifyZodProvider) => {

backend/src/server/routes/v1/app-connection-routers/index.ts

@@ -29,6 +29,7 @@ import { registerTeamCityConnectionRouter } from "./teamcity-connection-router";
 import { registerTerraformCloudConnectionRouter } from "./terraform-cloud-router";
 import { registerVercelConnectionRouter } from "./vercel-connection-router";
 import { registerWindmillConnectionRouter } from "./windmill-connection-router";
+import { registerZabbixConnectionRouter } from "./zabbix-connection-router";
 
 export * from "./app-connection-router";
 
@@ -62,5 +63,6 @@ export const APP_CONNECTION_REGISTER_ROUTER_MAP: Record<AppConnection, (server:
     [AppConnection.Render]: registerRenderConnectionRouter,
     [AppConnection.Flyio]: registerFlyioConnectionRouter,
     [AppConnection.GitLab]: registerGitLabConnectionRouter,
-    [AppConnection.Cloudflare]: registerCloudflareConnectionRouter
+    [AppConnection.Cloudflare]: registerCloudflareConnectionRouter,
+    [AppConnection.Zabbix]: registerZabbixConnectionRouter
   };

backend/src/server/routes/v1/app-connection-routers/zabbix-connection-router.ts

@@ -0,0 +1,51 @@
+import z from "zod";
+
+import { readLimit } from "@app/server/config/rateLimiter";
+import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
+import { AppConnection } from "@app/services/app-connection/app-connection-enums";
+import {
+  CreateZabbixConnectionSchema,
+  SanitizedZabbixConnectionSchema,
+  UpdateZabbixConnectionSchema
+} from "@app/services/app-connection/zabbix";
+import { AuthMode } from "@app/services/auth/auth-type";
+
+import { registerAppConnectionEndpoints } from "./app-connection-endpoints";
+
+export const registerZabbixConnectionRouter = async (server: FastifyZodProvider) => {
+  registerAppConnectionEndpoints({
+    app: AppConnection.Zabbix,
+    server,
+    sanitizedResponseSchema: SanitizedZabbixConnectionSchema,
+    createSchema: CreateZabbixConnectionSchema,
+    updateSchema: UpdateZabbixConnectionSchema
+  });
+
+  // The following endpoints are for internal Infisical App use only and not part of the public API
+  server.route({
+    method: "GET",
+    url: `/:connectionId/hosts`,
+    config: {
+      rateLimit: readLimit
+    },
+    schema: {
+      params: z.object({
+        connectionId: z.string().uuid()
+      }),
+      response: {
+        200: z
+          .object({
+            hostId: z.string(),
+            host: z.string()
+          })
+          .array()
+      }
+    },
+    onRequest: verifyAuth([AuthMode.JWT]),
+    handler: async (req) => {
+      const { connectionId } = req.params;
+      const hosts = await server.services.appConnection.zabbix.listHosts(connectionId, req.permission);
+      return hosts;
+    }
+  });
+};

backend/src/server/routes/v1/organization-router.ts

@@ -113,52 +113,73 @@ export const registerOrgRouter = async (server: FastifyZodProvider) => {
       hide: false,
       tags: [ApiDocsTags.AuditLogs],
       description: "Get all audit logs for an organization",
-      querystring: z.object({
-        projectId: z.string().optional().describe(AUDIT_LOGS.EXPORT.projectId),
-        environment: z.string().optional().describe(AUDIT_LOGS.EXPORT.environment),
-        actorType: z.nativeEnum(ActorType).optional(),
-        secretPath: z
-          .string()
-          .optional()
-          .transform((val) => (!val ? val : removeTrailingSlash(val)))
-          .describe(AUDIT_LOGS.EXPORT.secretPath),
-        secretKey: z.string().optional().describe(AUDIT_LOGS.EXPORT.secretKey),
+      querystring: z
+        .object({
+          projectId: z.string().optional().describe(AUDIT_LOGS.EXPORT.projectId),
+          environment: z.string().optional().describe(AUDIT_LOGS.EXPORT.environment),
+          actorType: z.nativeEnum(ActorType).optional(),
+          secretPath: z
+            .string()
+            .optional()
+            .transform((val) => (!val ? val : removeTrailingSlash(val)))
+            .describe(AUDIT_LOGS.EXPORT.secretPath),
+          secretKey: z.string().optional().describe(AUDIT_LOGS.EXPORT.secretKey),
+          // eventType is split with , for multiple values, we need to transform it to array
+          eventType: z
+            .string()
+            .optional()
+            .transform((val) => (val ? val.split(",") : undefined)),
+          userAgentType: z.nativeEnum(UserAgentType).optional().describe(AUDIT_LOGS.EXPORT.userAgentType),
+          eventMetadata: z
+            .string()
+            .optional()
+            .transform((val) => {
+              if (!val) {
+                return undefined;
+              }
 
-        // eventType is split with , for multiple values, we need to transform it to array
-        eventType: z
-          .string()
-          .optional()
-          .transform((val) => (val ? val.split(",") : undefined)),
-        userAgentType: z.nativeEnum(UserAgentType).optional().describe(AUDIT_LOGS.EXPORT.userAgentType),
-        eventMetadata: z
-          .string()
-          .optional()
-          .transform((val) => {
-            if (!val) {
-              return undefined;
+              const pairs = val.split(",");
+
+              return pairs.reduce(
+                (acc, pair) => {
+                  const [key, value] = pair.split("=");
+                  if (key && value) {
+                    acc[key] = value;
+                  }
+                  return acc;
+                },
+                {} as Record<string, string>
+              );
+            })
+            .describe(AUDIT_LOGS.EXPORT.eventMetadata),
+          startDate: z.string().datetime().optional().describe(AUDIT_LOGS.EXPORT.startDate),
+          endDate: z.string().datetime().optional().describe(AUDIT_LOGS.EXPORT.endDate),
+          offset: z.coerce.number().default(0).describe(AUDIT_LOGS.EXPORT.offset),
+          limit: z.coerce.number().max(1000).default(20).describe(AUDIT_LOGS.EXPORT.limit),
+          actor: z.string().optional().describe(AUDIT_LOGS.EXPORT.actor)
+        })
+        .superRefine((el, ctx) => {
+          if (el.endDate && el.startDate) {
+            const startDate = new Date(el.startDate);
+            const endDate = new Date(el.endDate);
+            const maxAllowedDate = new Date(startDate);
+            maxAllowedDate.setMonth(maxAllowedDate.getMonth() + 3);
+            if (endDate < startDate) {
+              ctx.addIssue({
+                code: z.ZodIssueCode.custom,
+                path: ["endDate"],
+                message: "End date cannot be before start date"
+              });
             }
-
-            const pairs = val.split(",");
-
-            return pairs.reduce(
-              (acc, pair) => {
-                const [key, value] = pair.split("=");
-                if (key && value) {
-                  acc[key] = value;
-                }
-                return acc;
-              },
-              {} as Record<string, string>
-            );
-          })
-          .describe(AUDIT_LOGS.EXPORT.eventMetadata),
-        startDate: z.string().datetime().optional().describe(AUDIT_LOGS.EXPORT.startDate),
-        endDate: z.string().datetime().optional().describe(AUDIT_LOGS.EXPORT.endDate),
-        offset: z.coerce.number().default(0).describe(AUDIT_LOGS.EXPORT.offset),
-        limit: z.coerce.number().default(20).describe(AUDIT_LOGS.EXPORT.limit),
-        actor: z.string().optional().describe(AUDIT_LOGS.EXPORT.actor)
-      }),
-
+            if (endDate > maxAllowedDate) {
+              ctx.addIssue({
+                code: z.ZodIssueCode.custom,
+                path: ["endDate"],
+                message: "Dates must be within 3 months"
+              });
+            }
+          }
+        }),
       response: {
         200: z.object({
           auditLogs: AuditLogsSchema.omit({
@@ -188,14 +209,13 @@ export const registerOrgRouter = async (server: FastifyZodProvider) => {
       const auditLogs = await server.services.auditLog.listAuditLogs({
         filter: {
           ...req.query,
-          endDate: req.query.endDate,
+          endDate: req.query.endDate || new Date().toISOString(),
           projectId: req.query.projectId,
           startDate: req.query.startDate || getLastMidnightDateISO(),
           auditLogActorId: req.query.actor,
           actorType: req.query.actorType,
           eventType: req.query.eventType as EventType[] | undefined
         },
-
         actorId: req.permission.id,
         actorOrgId: req.permission.orgId,
         actorAuthMethod: req.permission.authMethod,

backend/src/server/routes/v1/secret-sync-routers/index.ts

@@ -22,6 +22,7 @@ import { registerTeamCitySyncRouter } from "./teamcity-sync-router";
 import { registerTerraformCloudSyncRouter } from "./terraform-cloud-sync-router";
 import { registerVercelSyncRouter } from "./vercel-sync-router";
 import { registerWindmillSyncRouter } from "./windmill-sync-router";
+import { registerZabbixSyncRouter } from "./zabbix-sync-router";
 
 export * from "./secret-sync-router";
 
@@ -47,5 +48,6 @@ export const SECRET_SYNC_REGISTER_ROUTER_MAP: Record<SecretSync, (server: Fastif
   [SecretSync.Render]: registerRenderSyncRouter,
   [SecretSync.Flyio]: registerFlyioSyncRouter,
   [SecretSync.GitLab]: registerGitLabSyncRouter,
-  [SecretSync.CloudflarePages]: registerCloudflarePagesSyncRouter
+  [SecretSync.CloudflarePages]: registerCloudflarePagesSyncRouter,
+  [SecretSync.Zabbix]: registerZabbixSyncRouter
 };

backend/src/server/routes/v1/secret-sync-routers/secret-sync-router.ts

@@ -39,6 +39,7 @@ import { TeamCitySyncListItemSchema, TeamCitySyncSchema } from "@app/services/se
 import { TerraformCloudSyncListItemSchema, TerraformCloudSyncSchema } from "@app/services/secret-sync/terraform-cloud";
 import { VercelSyncListItemSchema, VercelSyncSchema } from "@app/services/secret-sync/vercel";
 import { WindmillSyncListItemSchema, WindmillSyncSchema } from "@app/services/secret-sync/windmill";
+import { ZabbixSyncListItemSchema, ZabbixSyncSchema } from "@app/services/secret-sync/zabbix";
 
 const SecretSyncSchema = z.discriminatedUnion("destination", [
   AwsParameterStoreSyncSchema,
@@ -62,7 +63,8 @@ const SecretSyncSchema = z.discriminatedUnion("destination", [
   RenderSyncSchema,
   FlyioSyncSchema,
   GitLabSyncSchema,
-  CloudflarePagesSyncSchema
+  CloudflarePagesSyncSchema,
+  ZabbixSyncSchema
 ]);
 
 const SecretSyncOptionsSchema = z.discriminatedUnion("destination", [
@@ -87,7 +89,8 @@ const SecretSyncOptionsSchema = z.discriminatedUnion("destination", [
   RenderSyncListItemSchema,
   FlyioSyncListItemSchema,
   GitLabSyncListItemSchema,
-  CloudflarePagesSyncListItemSchema
+  CloudflarePagesSyncListItemSchema,
+  ZabbixSyncListItemSchema
 ]);
 
 export const registerSecretSyncRouter = async (server: FastifyZodProvider) => {

backend/src/server/routes/v1/secret-sync-routers/zabbix-sync-router.ts

@@ -0,0 +1,13 @@
+import { SecretSync } from "@app/services/secret-sync/secret-sync-enums";
+import { CreateZabbixSyncSchema, UpdateZabbixSyncSchema, ZabbixSyncSchema } from "@app/services/secret-sync/zabbix";
+
+import { registerSyncSecretsEndpoints } from "./secret-sync-endpoints";
+
+export const registerZabbixSyncRouter = async (server: FastifyZodProvider) =>
+  registerSyncSecretsEndpoints({
+    destination: SecretSync.Zabbix,
+    server,
+    responseSchema: ZabbixSyncSchema,
+    createSchema: CreateZabbixSyncSchema,
+    updateSchema: UpdateZabbixSyncSchema
+  });

backend/src/services/app-connection/app-connection-enums.ts

@@ -27,7 +27,8 @@ export enum AppConnection {
   Render = "render",
   Flyio = "flyio",
   GitLab = "gitlab",
-  Cloudflare = "cloudflare"
+  Cloudflare = "cloudflare",
+  Zabbix = "zabbix"
 }
 
 export enum AWSRegion {

backend/src/services/app-connection/app-connection-fns.ts

@@ -105,6 +105,7 @@ import {
   validateWindmillConnectionCredentials,
   WindmillConnectionMethod
 } from "./windmill";
+import { getZabbixConnectionListItem, validateZabbixConnectionCredentials, ZabbixConnectionMethod } from "./zabbix";
 
 export const listAppConnectionOptions = () => {
   return [
@@ -136,7 +137,8 @@ export const listAppConnectionOptions = () => {
     getRenderConnectionListItem(),
     getFlyioConnectionListItem(),
     getGitLabConnectionListItem(),
-    getCloudflareConnectionListItem()
+    getCloudflareConnectionListItem(),
+    getZabbixConnectionListItem()
   ].sort((a, b) => a.name.localeCompare(b.name));
 };
 
@@ -216,7 +218,8 @@ export const validateAppConnectionCredentials = async (
     [AppConnection.Render]: validateRenderConnectionCredentials as TAppConnectionCredentialsValidator,
     [AppConnection.Flyio]: validateFlyioConnectionCredentials as TAppConnectionCredentialsValidator,
     [AppConnection.GitLab]: validateGitLabConnectionCredentials as TAppConnectionCredentialsValidator,
-    [AppConnection.Cloudflare]: validateCloudflareConnectionCredentials as TAppConnectionCredentialsValidator
+    [AppConnection.Cloudflare]: validateCloudflareConnectionCredentials as TAppConnectionCredentialsValidator,
+    [AppConnection.Zabbix]: validateZabbixConnectionCredentials as TAppConnectionCredentialsValidator
   };
 
   return VALIDATE_APP_CONNECTION_CREDENTIALS_MAP[appConnection.app](appConnection);
@@ -253,6 +256,7 @@ export const getAppConnectionMethodName = (method: TAppConnection["method"]) =>
     case VercelConnectionMethod.ApiToken:
     case OnePassConnectionMethod.ApiToken:
     case CloudflareConnectionMethod.APIToken:
+    case ZabbixConnectionMethod.ApiToken:
       return "API Token";
     case PostgresConnectionMethod.UsernameAndPassword:
     case MsSqlConnectionMethod.UsernameAndPassword:
@@ -332,7 +336,8 @@ export const TRANSITION_CONNECTION_CREDENTIALS_TO_PLATFORM: Record<
   [AppConnection.Render]: platformManagedCredentialsNotSupported,
   [AppConnection.Flyio]: platformManagedCredentialsNotSupported,
   [AppConnection.GitLab]: platformManagedCredentialsNotSupported,
-  [AppConnection.Cloudflare]: platformManagedCredentialsNotSupported
+  [AppConnection.Cloudflare]: platformManagedCredentialsNotSupported,
+  [AppConnection.Zabbix]: platformManagedCredentialsNotSupported
 };
 
 export const enterpriseAppCheck = async (

backend/src/services/app-connection/app-connection-maps.ts

@@ -29,7 +29,8 @@ export const APP_CONNECTION_NAME_MAP: Record<AppConnection, string> = {
   [AppConnection.Render]: "Render",
   [AppConnection.Flyio]: "Fly.io",
   [AppConnection.GitLab]: "GitLab",
-  [AppConnection.Cloudflare]: "Cloudflare"
+  [AppConnection.Cloudflare]: "Cloudflare",
+  [AppConnection.Zabbix]: "Zabbix"
 };
 
 export const APP_CONNECTION_PLAN_MAP: Record<AppConnection, AppConnectionPlanType> = {
@@ -61,5 +62,6 @@ export const APP_CONNECTION_PLAN_MAP: Record<AppConnection, AppConnectionPlanTyp
   [AppConnection.Render]: AppConnectionPlanType.Regular,
   [AppConnection.Flyio]: AppConnectionPlanType.Regular,
   [AppConnection.GitLab]: AppConnectionPlanType.Regular,
-  [AppConnection.Cloudflare]: AppConnectionPlanType.Regular
+  [AppConnection.Cloudflare]: AppConnectionPlanType.Regular,
+  [AppConnection.Zabbix]: AppConnectionPlanType.Regular
 };

backend/src/services/app-connection/app-connection-service.ts

@@ -80,6 +80,8 @@ import { ValidateVercelConnectionCredentialsSchema } from "./vercel";
 import { vercelConnectionService } from "./vercel/vercel-connection-service";
 import { ValidateWindmillConnectionCredentialsSchema } from "./windmill";
 import { windmillConnectionService } from "./windmill/windmill-connection-service";
+import { ValidateZabbixConnectionCredentialsSchema } from "./zabbix";
+import { zabbixConnectionService } from "./zabbix/zabbix-connection-service";
 
 export type TAppConnectionServiceFactoryDep = {
   appConnectionDAL: TAppConnectionDALFactory;
@@ -119,7 +121,8 @@ const VALIDATE_APP_CONNECTION_CREDENTIALS_MAP: Record<AppConnection, TValidateAp
   [AppConnection.Render]: ValidateRenderConnectionCredentialsSchema,
   [AppConnection.Flyio]: ValidateFlyioConnectionCredentialsSchema,
   [AppConnection.GitLab]: ValidateGitLabConnectionCredentialsSchema,
-  [AppConnection.Cloudflare]: ValidateCloudflareConnectionCredentialsSchema
+  [AppConnection.Cloudflare]: ValidateCloudflareConnectionCredentialsSchema,
+  [AppConnection.Zabbix]: ValidateZabbixConnectionCredentialsSchema
 };
 
 export const appConnectionServiceFactory = ({
@@ -529,6 +532,7 @@ export const appConnectionServiceFactory = ({
     render: renderConnectionService(connectAppConnectionById),
     flyio: flyioConnectionService(connectAppConnectionById),
     gitlab: gitlabConnectionService(connectAppConnectionById, appConnectionDAL, kmsService),
-    cloudflare: cloudflareConnectionService(connectAppConnectionById)
+    cloudflare: cloudflareConnectionService(connectAppConnectionById),
+    zabbix: zabbixConnectionService(connectAppConnectionById)
   };
 };

backend/src/services/app-connection/app-connection-types.ts

@@ -165,6 +165,12 @@ import {
   TWindmillConnectionConfig,
   TWindmillConnectionInput
 } from "./windmill";
+import {
+  TValidateZabbixConnectionCredentialsSchema,
+  TZabbixConnection,
+  TZabbixConnectionConfig,
+  TZabbixConnectionInput
+} from "./zabbix";
 
 export type TAppConnection = { id: string } & (
   | TAwsConnection
@@ -196,6 +202,7 @@ export type TAppConnection = { id: string } & (
   | TFlyioConnection
   | TGitLabConnection
   | TCloudflareConnection
+  | TZabbixConnection
 );
 
 export type TAppConnectionRaw = NonNullable<Awaited<ReturnType<TAppConnectionDALFactory["findById"]>>>;
@@ -232,6 +239,7 @@ export type TAppConnectionInput = { id: string } & (
   | TFlyioConnectionInput
   | TGitLabConnectionInput
   | TCloudflareConnectionInput
+  | TZabbixConnectionInput
 );
 
 export type TSqlConnectionInput =
@@ -275,7 +283,8 @@ export type TAppConnectionConfig =
   | TRenderConnectionConfig
   | TFlyioConnectionConfig
   | TGitLabConnectionConfig
-  | TCloudflareConnectionConfig;
+  | TCloudflareConnectionConfig
+  | TZabbixConnectionConfig;
 
 export type TValidateAppConnectionCredentialsSchema =
   | TValidateAwsConnectionCredentialsSchema
@@ -306,7 +315,8 @@ export type TValidateAppConnectionCredentialsSchema =
   | TValidateRenderConnectionCredentialsSchema
   | TValidateFlyioConnectionCredentialsSchema
   | TValidateGitLabConnectionCredentialsSchema
-  | TValidateCloudflareConnectionCredentialsSchema;
+  | TValidateCloudflareConnectionCredentialsSchema
+  | TValidateZabbixConnectionCredentialsSchema;
 
 export type TListAwsConnectionKmsKeys = {
   connectionId: string;

backend/src/services/app-connection/zabbix/index.ts

@@ -0,0 +1,4 @@
+export * from "./zabbix-connection-enums";
+export * from "./zabbix-connection-fns";
+export * from "./zabbix-connection-schemas";
+export * from "./zabbix-connection-types";

backend/src/services/app-connection/zabbix/zabbix-connection-enums.ts

@@ -0,0 +1,3 @@
+export enum ZabbixConnectionMethod {
+  ApiToken = "api-token"
+}

backend/src/services/app-connection/zabbix/zabbix-connection-fns.ts

@@ -0,0 +1,108 @@
+import { AxiosError } from "axios";
+import RE2 from "re2";
+
+import { request } from "@app/lib/config/request";
+import { BadRequestError } from "@app/lib/errors";
+import { blockLocalAndPrivateIpAddresses } from "@app/lib/validator";
+import { AppConnection } from "@app/services/app-connection/app-connection-enums";
+
+import { ZabbixConnectionMethod } from "./zabbix-connection-enums";
+import {
+  TZabbixConnection,
+  TZabbixConnectionConfig,
+  TZabbixHost,
+  TZabbixHostListResponse
+} from "./zabbix-connection-types";
+
+const TRAILING_SLASH_REGEX = new RE2("/+$");
+
+export const getZabbixConnectionListItem = () => {
+  return {
+    name: "Zabbix" as const,
+    app: AppConnection.Zabbix as const,
+    methods: Object.values(ZabbixConnectionMethod) as [ZabbixConnectionMethod.ApiToken]
+  };
+};
+
+export const validateZabbixConnectionCredentials = async (config: TZabbixConnectionConfig) => {
+  const { apiToken, instanceUrl } = config.credentials;
+  await blockLocalAndPrivateIpAddresses(instanceUrl);
+
+  try {
+    const apiUrl = `${instanceUrl.replace(TRAILING_SLASH_REGEX, "")}/api_jsonrpc.php`;
+
+    const payload = {
+      jsonrpc: "2.0",
+      method: "authentication.get",
+      params: {
+        output: "extend"
+      },
+      id: 1
+    };
+
+    const response: { data: { error?: { message: string }; result?: string } } = await request.post(apiUrl, payload, {
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${apiToken}`
+      }
+    });
+
+    if (response.data.error) {
+      throw new BadRequestError({
+        message: response.data.error.message
+      });
+    }
+
+    return config.credentials;
+  } catch (error) {
+    if (error instanceof AxiosError) {
+      throw new BadRequestError({
+        message: `Failed to connect to Zabbix instance: ${error.message}`
+      });
+    }
+    throw error;
+  }
+};
+
+export const listZabbixHosts = async (appConnection: TZabbixConnection): Promise<TZabbixHost[]> => {
+  const { apiToken, instanceUrl } = appConnection.credentials;
+  await blockLocalAndPrivateIpAddresses(instanceUrl);
+
+  try {
+    const apiUrl = `${instanceUrl.replace(TRAILING_SLASH_REGEX, "")}/api_jsonrpc.php`;
+
+    const payload = {
+      jsonrpc: "2.0",
+      method: "host.get",
+      params: {
+        output: ["hostid", "host"],
+        sortfield: "host",
+        sortorder: "ASC"
+      },
+      id: 1
+    };
+
+    const response: { data: TZabbixHostListResponse } = await request.post(apiUrl, payload, {
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${apiToken}`
+      }
+    });
+
+    return response.data.result
+      ? response.data.result.map((host) => ({
+          hostId: host.hostid,
+          host: host.host
+        }))
+      : [];
+  } catch (error: unknown) {
+    if (error instanceof AxiosError) {
+      throw new BadRequestError({
+        message: `Failed to validate credentials: ${error.message || "Unknown error"}`
+      });
+    }
+    throw new BadRequestError({
+      message: "Unable to validate connection: verify credentials"
+    });
+  }
+};

backend/src/services/app-connection/zabbix/zabbix-connection-schemas.ts

@@ -0,0 +1,62 @@
+import z from "zod";
+
+import { AppConnections } from "@app/lib/api-docs";
+import { AppConnection } from "@app/services/app-connection/app-connection-enums";
+import {
+  BaseAppConnectionSchema,
+  GenericCreateAppConnectionFieldsSchema,
+  GenericUpdateAppConnectionFieldsSchema
+} from "@app/services/app-connection/app-connection-schemas";
+
+import { ZabbixConnectionMethod } from "./zabbix-connection-enums";
+
+export const ZabbixConnectionApiTokenCredentialsSchema = z.object({
+  apiToken: z
+    .string()
+    .trim()
+    .min(1, "API Token required")
+    .max(1000)
+    .describe(AppConnections.CREDENTIALS.ZABBIX.apiToken),
+  instanceUrl: z.string().trim().url("Invalid Instance URL").describe(AppConnections.CREDENTIALS.ZABBIX.instanceUrl)
+});
+
+const BaseZabbixConnectionSchema = BaseAppConnectionSchema.extend({ app: z.literal(AppConnection.Zabbix) });
+
+export const ZabbixConnectionSchema = BaseZabbixConnectionSchema.extend({
+  method: z.literal(ZabbixConnectionMethod.ApiToken),
+  credentials: ZabbixConnectionApiTokenCredentialsSchema
+});
+
+export const SanitizedZabbixConnectionSchema = z.discriminatedUnion("method", [
+  BaseZabbixConnectionSchema.extend({
+    method: z.literal(ZabbixConnectionMethod.ApiToken),
+    credentials: ZabbixConnectionApiTokenCredentialsSchema.pick({ instanceUrl: true })
+  })
+]);
+
+export const ValidateZabbixConnectionCredentialsSchema = z.discriminatedUnion("method", [
+  z.object({
+    method: z.literal(ZabbixConnectionMethod.ApiToken).describe(AppConnections.CREATE(AppConnection.Zabbix).method),
+    credentials: ZabbixConnectionApiTokenCredentialsSchema.describe(
+      AppConnections.CREATE(AppConnection.Zabbix).credentials
+    )
+  })
+]);
+
+export const CreateZabbixConnectionSchema = ValidateZabbixConnectionCredentialsSchema.and(
+  GenericCreateAppConnectionFieldsSchema(AppConnection.Zabbix)
+);
+
+export const UpdateZabbixConnectionSchema = z
+  .object({
+    credentials: ZabbixConnectionApiTokenCredentialsSchema.optional().describe(
+      AppConnections.UPDATE(AppConnection.Zabbix).credentials
+    )
+  })
+  .and(GenericUpdateAppConnectionFieldsSchema(AppConnection.Zabbix));
+
+export const ZabbixConnectionListItemSchema = z.object({
+  name: z.literal("Zabbix"),
+  app: z.literal(AppConnection.Zabbix),
+  methods: z.nativeEnum(ZabbixConnectionMethod).array()
+});

backend/src/services/app-connection/zabbix/zabbix-connection-service.ts

@@ -0,0 +1,30 @@
+import { logger } from "@app/lib/logger";
+import { OrgServiceActor } from "@app/lib/types";
+
+import { AppConnection } from "../app-connection-enums";
+import { listZabbixHosts } from "./zabbix-connection-fns";
+import { TZabbixConnection } from "./zabbix-connection-types";
+
+type TGetAppConnectionFunc = (
+  app: AppConnection,
+  connectionId: string,
+  actor: OrgServiceActor
+) => Promise<TZabbixConnection>;
+
+export const zabbixConnectionService = (getAppConnection: TGetAppConnectionFunc) => {
+  const listHosts = async (connectionId: string, actor: OrgServiceActor) => {
+    const appConnection = await getAppConnection(AppConnection.Zabbix, connectionId, actor);
+
+    try {
+      const hosts = await listZabbixHosts(appConnection);
+      return hosts;
+    } catch (error) {
+      logger.error(error, "Failed to establish connection with zabbix");
+      return [];
+    }
+  };
+
+  return {
+    listHosts
+  };
+};

backend/src/services/app-connection/zabbix/zabbix-connection-types.ts

@@ -0,0 +1,33 @@
+import z from "zod";
+
+import { DiscriminativePick } from "@app/lib/types";
+
+import { AppConnection } from "../app-connection-enums";
+import {
+  CreateZabbixConnectionSchema,
+  ValidateZabbixConnectionCredentialsSchema,
+  ZabbixConnectionSchema
+} from "./zabbix-connection-schemas";
+
+export type TZabbixConnection = z.infer<typeof ZabbixConnectionSchema>;
+
+export type TZabbixConnectionInput = z.infer<typeof CreateZabbixConnectionSchema> & {
+  app: AppConnection.Zabbix;
+};
+
+export type TValidateZabbixConnectionCredentialsSchema = typeof ValidateZabbixConnectionCredentialsSchema;
+
+export type TZabbixConnectionConfig = DiscriminativePick<TZabbixConnectionInput, "method" | "app" | "credentials"> & {
+  orgId: string;
+};
+
+export type TZabbixHost = {
+  hostId: string;
+  host: string;
+};
+
+export type TZabbixHostListResponse = {
+  jsonrpc: string;
+  result: { hostid: string; host: string }[];
+  error?: { message: string };
+};

backend/src/services/org-membership/org-membership-dal.ts

@@ -103,8 +103,41 @@ export const orgMembershipDALFactory = (db: TDbClient) => {
     }
   };
 
+  const findRecentInvitedMemberships = async () => {
+    try {
+      const now = new Date();
+      const oneWeekAgo = new Date(now.getTime() - 7 * 24 * 60 * 60 * 1000);
+      const oneMonthAgo = new Date(now.getTime() - 30 * 24 * 60 * 60 * 1000);
+      const threeMonthsAgo = new Date(now.getTime() - 90 * 24 * 60 * 60 * 1000);
+
+      const memberships = await db
+        .replicaNode()(TableName.OrgMembership)
+        .where("status", "invited")
+        .where((qb) => {
+          // lastInvitedAt is null AND createdAt is between 1 week and 3 months ago
+          void qb
+            .whereNull(`${TableName.OrgMembership}.lastInvitedAt`)
+            .whereBetween(`${TableName.OrgMembership}.createdAt`, [threeMonthsAgo, oneWeekAgo]);
+        })
+        .orWhere((qb) => {
+          // lastInvitedAt is older than 1 week ago AND createdAt is younger than 1 month ago
+          void qb
+            .where(`${TableName.OrgMembership}.lastInvitedAt`, "<", oneMonthAgo)
+            .where(`${TableName.OrgMembership}.createdAt`, ">", oneWeekAgo);
+        });
+
+      return memberships;
+    } catch (error) {
+      throw new DatabaseError({
+        error,
+        name: "Find recent invited memberships"
+      });
+    }
+  };
+
   return {
     ...orgMembershipOrm,
-    findOrgMembershipById
+    findOrgMembershipById,
+    findRecentInvitedMemberships
   };
 };

backend/src/services/org/org-service.ts

@@ -107,7 +107,10 @@ type TOrgServiceFactoryDep = {
     "findProjectMembershipsByUserId" | "delete" | "create" | "find" | "insertMany" | "transaction"
   >;
   projectKeyDAL: Pick<TProjectKeyDALFactory, "find" | "delete" | "insertMany" | "findLatestProjectKey" | "create">;
-  orgMembershipDAL: Pick<TOrgMembershipDALFactory, "findOrgMembershipById" | "findOne" | "findById">;
+  orgMembershipDAL: Pick<
+    TOrgMembershipDALFactory,
+    "findOrgMembershipById" | "findOne" | "findById" | "findRecentInvitedMemberships" | "updateById"
+  >;
   incidentContactDAL: TIncidentContactsDALFactory;
   samlConfigDAL: Pick<TSamlConfigDALFactory, "findOne">;
   oidcConfigDAL: Pick<TOidcConfigDALFactory, "findOne">;
@@ -1422,6 +1425,53 @@ export const orgServiceFactory = ({
     return incidentContact;
   };
 
+  /**
+   * Re-send emails to users who haven't accepted an invite yet
+   */
+  const notifyInvitedUsers = async () => {
+    const invitedUsers = await orgMembershipDAL.findRecentInvitedMemberships();
+    const appCfg = getConfig();
+
+    const orgCache: Record<string, { name: string; id: string } | undefined> = {};
+
+    await Promise.all(
+      invitedUsers.map(async (invitedUser) => {
+        let org = orgCache[invitedUser.orgId];
+        if (!org) {
+          org = await orgDAL.findById(invitedUser.orgId);
+          orgCache[invitedUser.orgId] = org;
+        }
+
+        if (!org || !invitedUser.userId) return;
+
+        const token = await tokenService.createTokenForUser({
+          type: TokenType.TOKEN_EMAIL_ORG_INVITATION,
+          userId: invitedUser.userId,
+          orgId: org.id
+        });
+
+        if (invitedUser.inviteEmail) {
+          await smtpService.sendMail({
+            template: SmtpTemplates.OrgInvite,
+            subjectLine: `Reminder: You have been invited to ${org.name} on Infisical`,
+            recipients: [invitedUser.inviteEmail],
+            substitutions: {
+              organizationName: org.name,
+              email: invitedUser.inviteEmail,
+              organizationId: org.id.toString(),
+              token,
+              callback_url: `${appCfg.SITE_URL}/signupinvite`
+            }
+          });
+        }
+
+        await orgMembershipDAL.updateById(invitedUser.id, {
+          lastInvitedAt: new Date()
+        });
+      })
+    );
+  };
+
   return {
     findOrganizationById,
     findAllOrgMembers,
@@ -1445,6 +1495,7 @@ export const orgServiceFactory = ({
     listProjectMembershipsByOrgMembershipId,
     findOrgBySlug,
     resendOrgMemberInvitation,
-    upgradePrivilegeSystem
+    upgradePrivilegeSystem,
+    notifyInvitedUsers
   };
 };

backend/src/services/resource-cleanup/resource-cleanup-queue.ts

@@ -5,6 +5,7 @@ import { QueueJobs, QueueName, TQueueServiceFactory } from "@app/queue";
 
 import { TIdentityAccessTokenDALFactory } from "../identity-access-token/identity-access-token-dal";
 import { TIdentityUaClientSecretDALFactory } from "../identity-ua/identity-ua-client-secret-dal";
+import { TOrgServiceFactory } from "../org/org-service";
 import { TSecretDALFactory } from "../secret/secret-dal";
 import { TSecretVersionDALFactory } from "../secret/secret-version-dal";
 import { TSecretFolderVersionDALFactory } from "../secret-folder/secret-folder-version-dal";
@@ -24,6 +25,7 @@ type TDailyResourceCleanUpQueueServiceFactoryDep = {
   secretSharingDAL: Pick<TSecretSharingDALFactory, "pruneExpiredSharedSecrets" | "pruneExpiredSecretRequests">;
   serviceTokenService: Pick<TServiceTokenServiceFactory, "notifyExpiringTokens">;
   queueService: TQueueServiceFactory;
+  orgService: TOrgServiceFactory;
 };
 
 export type TDailyResourceCleanUpQueueServiceFactory = ReturnType<typeof dailyResourceCleanUpQueueServiceFactory>;
@@ -39,12 +41,12 @@ export const dailyResourceCleanUpQueueServiceFactory = ({
   secretSharingDAL,
   secretVersionV2DAL,
   identityUniversalAuthClientSecretDAL,
-  serviceTokenService
+  serviceTokenService,
+  orgService
 }: TDailyResourceCleanUpQueueServiceFactoryDep) => {
   queueService.start(QueueName.DailyResourceCleanUp, async () => {
     logger.info(`${QueueName.DailyResourceCleanUp}: queue task started`);
     await secretDAL.pruneSecretReminders(queueService);
-    await auditLogDAL.pruneAuditLog();
     await identityAccessTokenDAL.removeExpiredTokens();
     await identityUniversalAuthClientSecretDAL.removeExpiredClientSecrets();
     await secretSharingDAL.pruneExpiredSharedSecrets();
@@ -54,6 +56,8 @@ export const dailyResourceCleanUpQueueServiceFactory = ({
     await secretVersionV2DAL.pruneExcessVersions();
     await secretFolderVersionDAL.pruneExcessVersions();
     await serviceTokenService.notifyExpiringTokens();
+    await orgService.notifyInvitedUsers();
+    await auditLogDAL.pruneAuditLog();
     logger.info(`${QueueName.DailyResourceCleanUp}: queue task completed`);
   });
 

backend/src/services/secret-folder/secret-folder-service.ts

@@ -2,7 +2,7 @@ import { ForbiddenError, subject } from "@casl/ability";
 import path from "path";
 import { v4 as uuidv4, validate as uuidValidate } from "uuid";
 
-import { TSecretFolders, TSecretFoldersInsert } from "@app/db/schemas";
+import { TProjectEnvironments, TSecretFolders, TSecretFoldersInsert } from "@app/db/schemas";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service-types";
 import { ProjectPermissionActions, ProjectPermissionSub } from "@app/ee/services/permission/project-permission";
 import { TSecretApprovalPolicyServiceFactory } from "@app/ee/services/secret-approval-policy/secret-approval-policy-service";
@@ -469,15 +469,41 @@ export const secretFolderServiceFactory = ({
 
   const $checkFolderPolicy = async ({
     projectId,
-    environment,
-    parentId
+    env,
+    parentId,
+    idOrName
   }: {
     projectId: string;
-    environment: string;
+    env: TProjectEnvironments;
     parentId: string;
+    idOrName: string;
   }) => {
+    let targetFolder = await folderDAL
+      .findOne({
+        envId: env.id,
+        name: idOrName,
+        parentId,
+        isReserved: false
+      })
+      .catch(() => null);
+
+    if (!targetFolder && uuidValidate(idOrName)) {
+      targetFolder = await folderDAL
+        .findOne({
+          envId: env.id,
+          id: idOrName,
+          parentId,
+          isReserved: false
+        })
+        .catch(() => null);
+    }
+
+    if (!targetFolder) {
+      throw new NotFoundError({ message: `Target folder not found` });
+    }
+
     // get environment root folder (as it's needed to get all folders under it)
-    const rootFolder = await folderDAL.findBySecretPath(projectId, environment, "/");
+    const rootFolder = await folderDAL.findBySecretPath(projectId, env.slug, "/");
     if (!rootFolder) throw new NotFoundError({ message: `Root folder not found` });
     // get all folders under environment root folder
     const folderPaths = await folderDAL.findByEnvsDeep({ parentIds: [rootFolder.id] });
@@ -492,7 +518,13 @@ export const secretFolderServiceFactory = ({
       folderMap.get(normalizeKey(folder.parentId))?.push(folder);
     }
 
-    // Recursively collect all folders under the given parentId
+    // Find the target folder in the folderPaths to get its full details
+    const targetFolderWithPath = folderPaths.find((f) => f.id === targetFolder!.id);
+    if (!targetFolderWithPath) {
+      throw new NotFoundError({ message: `Target folder path not found` });
+    }
+
+    // Recursively collect all folders under the target folder (descendants only)
     const collectDescendants = (
       id: string
     ): (TSecretFolders & { path: string; depth: number; environment: string })[] => {
@@ -500,23 +532,31 @@ export const secretFolderServiceFactory = ({
       return [...children, ...children.flatMap((child) => collectDescendants(child.id))];
     };
 
-    const foldersUnderParent = collectDescendants(parentId);
+    const targetFolderDescendants = collectDescendants(targetFolder.id);
 
-    const folderPolicyPaths = foldersUnderParent.map((folder) => ({
+    // Include the target folder itself plus all its descendants
+    const foldersToCheck = [targetFolderWithPath, ...targetFolderDescendants];
+
+    const folderPolicyPaths = foldersToCheck.map((folder) => ({
       path: folder.path,
       id: folder.id
     }));
 
     // get secrets under the given folders
-    const secrets = await secretV2BridgeDAL.findByFolderIds({ folderIds: folderPolicyPaths.map((p) => p.id) });
+    const secrets = await secretV2BridgeDAL.findByFolderIds({
+      folderIds: folderPolicyPaths.map((p) => p.id)
+    });
+
     for await (const folderPolicyPath of folderPolicyPaths) {
       // eslint-disable-next-line no-continue
       if (!secrets.some((s) => s.folderId === folderPolicyPath.id)) continue;
+
       const policy = await secretApprovalPolicyService.getSecretApprovalPolicy(
         projectId,
-        environment,
+        env.slug,
         folderPolicyPath.path
       );
+
       // if there is a policy and there are secrets under the given folder, throw error
       if (policy) {
         throw new BadRequestError({
@@ -560,20 +600,42 @@ export const secretFolderServiceFactory = ({
           message: `Folder with path '${secretPath}' in environment with slug '${environment}' not found`
         });
 
-      await $checkFolderPolicy({ projectId, environment, parentId: parentFolder.id });
+      await $checkFolderPolicy({ projectId, env, parentId: parentFolder.id, idOrName });
+
+      let folderToDelete = await folderDAL
+        .findOne({
+          envId: env.id,
+          name: idOrName,
+          parentId: parentFolder.id,
+          isReserved: false
+        })
+        .catch(() => null);
+
+      if (!folderToDelete && uuidValidate(idOrName)) {
+        folderToDelete = await folderDAL
+          .findOne({
+            envId: env.id,
+            id: idOrName,
+            parentId: parentFolder.id,
+            isReserved: false
+          })
+          .catch(() => null);
+      }
+
+      if (!folderToDelete) {
+        throw new NotFoundError({ message: `Folder with ID '${idOrName}' not found` });
+      }
 
       const [doc] = await folderDAL.delete(
         {
           envId: env.id,
-          [uuidValidate(idOrName) ? "id" : "name"]: idOrName,
+          id: folderToDelete.id,
           parentId: parentFolder.id,
           isReserved: false
         },
         tx
       );
 
-      if (!doc) throw new NotFoundError({ message: `Failed to delete folder with ID '${idOrName}', not found` });
-
       const folderVersions = await folderVersionDAL.findLatestFolderVersions([doc.id], tx);
 
       await folderCommitService.createCommit(

backend/src/services/secret-sync/secret-sync-enums.ts

@@ -20,7 +20,8 @@ export enum SecretSync {
   Render = "render",
   Flyio = "flyio",
   GitLab = "gitlab",
-  CloudflarePages = "cloudflare-pages"
+  CloudflarePages = "cloudflare-pages",
+  Zabbix = "zabbix"
 }
 
 export enum SecretSyncInitialSyncBehavior {

backend/src/services/secret-sync/secret-sync-fns.ts

@@ -45,6 +45,7 @@ import { TEAMCITY_SYNC_LIST_OPTION, TeamCitySyncFns } from "./teamcity";
 import { TERRAFORM_CLOUD_SYNC_LIST_OPTION, TerraformCloudSyncFns } from "./terraform-cloud";
 import { VERCEL_SYNC_LIST_OPTION, VercelSyncFns } from "./vercel";
 import { WINDMILL_SYNC_LIST_OPTION, WindmillSyncFns } from "./windmill";
+import { ZABBIX_SYNC_LIST_OPTION, ZabbixSyncFns } from "./zabbix";
 
 const SECRET_SYNC_LIST_OPTIONS: Record<SecretSync, TSecretSyncListItem> = {
   [SecretSync.AWSParameterStore]: AWS_PARAMETER_STORE_SYNC_LIST_OPTION,
@@ -68,7 +69,8 @@ const SECRET_SYNC_LIST_OPTIONS: Record<SecretSync, TSecretSyncListItem> = {
   [SecretSync.Render]: RENDER_SYNC_LIST_OPTION,
   [SecretSync.Flyio]: FLYIO_SYNC_LIST_OPTION,
   [SecretSync.GitLab]: GITLAB_SYNC_LIST_OPTION,
-  [SecretSync.CloudflarePages]: CLOUDFLARE_PAGES_SYNC_LIST_OPTION
+  [SecretSync.CloudflarePages]: CLOUDFLARE_PAGES_SYNC_LIST_OPTION,
+  [SecretSync.Zabbix]: ZABBIX_SYNC_LIST_OPTION
 };
 
 export const listSecretSyncOptions = () => {
@@ -236,6 +238,8 @@ export const SecretSyncFns = {
         return GitLabSyncFns.syncSecrets(secretSync, schemaSecretMap, { appConnectionDAL, kmsService });
       case SecretSync.CloudflarePages:
         return CloudflarePagesSyncFns.syncSecrets(secretSync, schemaSecretMap);
+      case SecretSync.Zabbix:
+        return ZabbixSyncFns.syncSecrets(secretSync, schemaSecretMap);
       default:
         throw new Error(
           `Unhandled sync destination for sync secrets fns: ${(secretSync as TSecretSyncWithCredentials).destination}`
@@ -328,6 +332,9 @@ export const SecretSyncFns = {
       case SecretSync.CloudflarePages:
         secretMap = await CloudflarePagesSyncFns.getSecrets(secretSync);
         break;
+      case SecretSync.Zabbix:
+        secretMap = await ZabbixSyncFns.getSecrets(secretSync);
+        break;
       default:
         throw new Error(
           `Unhandled sync destination for get secrets fns: ${(secretSync as TSecretSyncWithCredentials).destination}`
@@ -405,6 +412,8 @@ export const SecretSyncFns = {
         return GitLabSyncFns.removeSecrets(secretSync, schemaSecretMap, { appConnectionDAL, kmsService });
       case SecretSync.CloudflarePages:
         return CloudflarePagesSyncFns.removeSecrets(secretSync, schemaSecretMap);
+      case SecretSync.Zabbix:
+        return ZabbixSyncFns.removeSecrets(secretSync, schemaSecretMap);
       default:
         throw new Error(
           `Unhandled sync destination for remove secrets fns: ${(secretSync as TSecretSyncWithCredentials).destination}`

backend/src/services/secret-sync/secret-sync-maps.ts

@@ -23,7 +23,8 @@ export const SECRET_SYNC_NAME_MAP: Record<SecretSync, string> = {
   [SecretSync.Render]: "Render",
   [SecretSync.Flyio]: "Fly.io",
   [SecretSync.GitLab]: "GitLab",
-  [SecretSync.CloudflarePages]: "Cloudflare Pages"
+  [SecretSync.CloudflarePages]: "Cloudflare Pages",
+  [SecretSync.Zabbix]: "Zabbix"
 };
 
 export const SECRET_SYNC_CONNECTION_MAP: Record<SecretSync, AppConnection> = {
@@ -48,7 +49,8 @@ export const SECRET_SYNC_CONNECTION_MAP: Record<SecretSync, AppConnection> = {
   [SecretSync.Render]: AppConnection.Render,
   [SecretSync.Flyio]: AppConnection.Flyio,
   [SecretSync.GitLab]: AppConnection.GitLab,
-  [SecretSync.CloudflarePages]: AppConnection.Cloudflare
+  [SecretSync.CloudflarePages]: AppConnection.Cloudflare,
+  [SecretSync.Zabbix]: AppConnection.Zabbix
 };
 
 export const SECRET_SYNC_PLAN_MAP: Record<SecretSync, SecretSyncPlanType> = {
@@ -73,5 +75,6 @@ export const SECRET_SYNC_PLAN_MAP: Record<SecretSync, SecretSyncPlanType> = {
   [SecretSync.Render]: SecretSyncPlanType.Regular,
   [SecretSync.Flyio]: SecretSyncPlanType.Regular,
   [SecretSync.GitLab]: SecretSyncPlanType.Regular,
-  [SecretSync.CloudflarePages]: SecretSyncPlanType.Regular
+  [SecretSync.CloudflarePages]: SecretSyncPlanType.Regular,
+  [SecretSync.Zabbix]: SecretSyncPlanType.Regular
 };

backend/src/services/secret-sync/secret-sync-types.ts

@@ -113,6 +113,7 @@ import {
   TTerraformCloudSyncWithCredentials
 } from "./terraform-cloud";
 import { TVercelSync, TVercelSyncInput, TVercelSyncListItem, TVercelSyncWithCredentials } from "./vercel";
+import { TZabbixSync, TZabbixSyncInput, TZabbixSyncListItem, TZabbixSyncWithCredentials } from "./zabbix";
 
 export type TSecretSync =
   | TAwsParameterStoreSync
@@ -136,7 +137,8 @@ export type TSecretSync =
   | TRenderSync
   | TFlyioSync
   | TGitLabSync
-  | TCloudflarePagesSync;
+  | TCloudflarePagesSync
+  | TZabbixSync;
 
 export type TSecretSyncWithCredentials =
   | TAwsParameterStoreSyncWithCredentials
@@ -160,7 +162,8 @@ export type TSecretSyncWithCredentials =
   | TRenderSyncWithCredentials
   | TFlyioSyncWithCredentials
   | TGitLabSyncWithCredentials
-  | TCloudflarePagesSyncWithCredentials;
+  | TCloudflarePagesSyncWithCredentials
+  | TZabbixSyncWithCredentials;
 
 export type TSecretSyncInput =
   | TAwsParameterStoreSyncInput
@@ -184,7 +187,8 @@ export type TSecretSyncInput =
   | TRenderSyncInput
   | TFlyioSyncInput
   | TGitLabSyncInput
-  | TCloudflarePagesSyncInput;
+  | TCloudflarePagesSyncInput
+  | TZabbixSyncInput;
 
 export type TSecretSyncListItem =
   | TAwsParameterStoreSyncListItem
@@ -208,7 +212,8 @@ export type TSecretSyncListItem =
   | TRenderSyncListItem
   | TFlyioSyncListItem
   | TGitLabSyncListItem
-  | TCloudflarePagesSyncListItem;
+  | TCloudflarePagesSyncListItem
+  | TZabbixSyncListItem;
 
 export type TSyncOptionsConfig = {
   canImportSecrets: boolean;

backend/src/services/secret-sync/zabbix/index.ts

@@ -0,0 +1,5 @@
+export * from "./zabbix-sync-constants";
+export * from "./zabbix-sync-enums";
+export * from "./zabbix-sync-fns";
+export * from "./zabbix-sync-schemas";
+export * from "./zabbix-sync-types";

backend/src/services/secret-sync/zabbix/zabbix-sync-constants.ts

@@ -0,0 +1,10 @@
+import { AppConnection } from "@app/services/app-connection/app-connection-enums";
+import { SecretSync } from "@app/services/secret-sync/secret-sync-enums";
+import { TSecretSyncListItem } from "@app/services/secret-sync/secret-sync-types";
+
+export const ZABBIX_SYNC_LIST_OPTION: TSecretSyncListItem = {
+  name: "Zabbix",
+  destination: SecretSync.Zabbix,
+  connection: AppConnection.Zabbix,
+  canImportSecrets: true
+};

backend/src/services/secret-sync/zabbix/zabbix-sync-enums.ts

@@ -0,0 +1,4 @@
+export enum ZabbixSyncScope {
+  Global = "global",
+  Host = "host"
+}

backend/src/services/secret-sync/zabbix/zabbix-sync-fns.ts

@@ -0,0 +1,285 @@
+import RE2 from "re2";
+
+import { request } from "@app/lib/config/request";
+import { blockLocalAndPrivateIpAddresses } from "@app/lib/validator";
+import { SecretSyncError } from "@app/services/secret-sync/secret-sync-errors";
+import { matchesSchema } from "@app/services/secret-sync/secret-sync-fns";
+import { TSecretMap } from "@app/services/secret-sync/secret-sync-types";
+import {
+  TZabbixSecret,
+  TZabbixSyncWithCredentials,
+  ZabbixApiResponse,
+  ZabbixMacroCreateResponse,
+  ZabbixMacroDeleteResponse
+} from "@app/services/secret-sync/zabbix/zabbix-sync-types";
+
+import { ZabbixSyncScope } from "./zabbix-sync-enums";
+
+const TRAILING_SLASH_REGEX = new RE2("/+$");
+const MACRO_START_REGEX = new RE2("^\\{\\$");
+const MACRO_END_REGEX = new RE2("\\}$");
+
+const extractMacroKey = (macro: string): string => {
+  return macro.replace(MACRO_START_REGEX, "").replace(MACRO_END_REGEX, "");
+};
+
+// Helper function to handle Zabbix API responses and errors
+const handleZabbixResponse = <T>(response: ZabbixApiResponse<T>): T => {
+  if (response.data.error) {
+    const errorMessage = response.data.error.data
+      ? `${response.data.error.message}: ${response.data.error.data}`
+      : response.data.error.message;
+    throw new SecretSyncError({
+      error: new Error(`Zabbix API Error (${response.data.error.code}): ${errorMessage}`)
+    });
+  }
+
+  if (response.data.result === undefined) {
+    throw new SecretSyncError({
+      error: new Error("Zabbix API returned no result")
+    });
+  }
+
+  return response.data.result;
+};
+
+const listZabbixSecrets = async (apiToken: string, instanceUrl: string, hostId?: string): Promise<TZabbixSecret[]> => {
+  const apiUrl = `${instanceUrl.replace(TRAILING_SLASH_REGEX, "")}/api_jsonrpc.php`;
+
+  // - jsonrpc: Specifies the JSON-RPC protocol version.
+  // - method: The API method to call, in this case "usermacro.get" for retrieving user macros.
+  // - id: A unique identifier for the request. Required by JSON-RPC but not used by the API for logic. Typically set to any integer.
+  const payload = {
+    jsonrpc: "2.0" as const,
+    method: "usermacro.get",
+    params: hostId ? { output: "extend", hostids: hostId } : { output: "extend", globalmacro: true },
+    id: 1
+  };
+
+  try {
+    const response: ZabbixApiResponse<TZabbixSecret[]> = await request.post(apiUrl, payload, {
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${apiToken}`
+      }
+    });
+
+    return handleZabbixResponse(response) || [];
+  } catch (error) {
+    throw new SecretSyncError({
+      error: error instanceof Error ? error : new Error("Failed to list Zabbix secrets")
+    });
+  }
+};
+
+const putZabbixSecrets = async (
+  apiToken: string,
+  instanceUrl: string,
+  secretMap: TSecretMap,
+  destinationConfig: TZabbixSyncWithCredentials["destinationConfig"],
+  existingSecrets: TZabbixSecret[]
+): Promise<void> => {
+  const apiUrl = `${instanceUrl.replace(TRAILING_SLASH_REGEX, "")}/api_jsonrpc.php`;
+  const hostId = destinationConfig.scope === ZabbixSyncScope.Host ? destinationConfig.hostId : undefined;
+
+  const existingMacroMap = new Map(existingSecrets.map((secret) => [secret.macro, secret]));
+
+  for (const [key, secret] of Object.entries(secretMap)) {
+    const macroKey = `{$${key.toUpperCase()}}`;
+    const existingMacro = existingMacroMap.get(macroKey);
+
+    try {
+      if (existingMacro) {
+        // Update existing macro
+        const updatePayload = {
+          jsonrpc: "2.0" as const,
+          method: hostId ? "usermacro.update" : "usermacro.updateglobal",
+          params: {
+            [hostId ? "hostmacroid" : "globalmacroid"]: existingMacro[hostId ? "hostmacroid" : "globalmacroid"],
+            value: secret.value,
+            type: destinationConfig.macroType,
+            description: secret.comment
+          },
+          id: 1
+        };
+
+        // eslint-disable-next-line no-await-in-loop
+        const response: ZabbixApiResponse<ZabbixMacroCreateResponse> = await request.post(apiUrl, updatePayload, {
+          headers: {
+            "Content-Type": "application/json",
+            Authorization: `Bearer ${apiToken}`
+          }
+        });
+
+        handleZabbixResponse(response);
+      } else {
+        // Create new macro
+        const createPayload = {
+          jsonrpc: "2.0" as const,
+          method: hostId ? "usermacro.create" : "usermacro.createglobal",
+          params: hostId
+            ? {
+                hostid: hostId,
+                macro: macroKey,
+                value: secret.value,
+                type: destinationConfig.macroType,
+                description: secret.comment
+              }
+            : {
+                macro: macroKey,
+                value: secret.value,
+                type: destinationConfig.macroType,
+                description: secret.comment
+              },
+          id: 1
+        };
+
+        // eslint-disable-next-line no-await-in-loop
+        const response: ZabbixApiResponse<ZabbixMacroCreateResponse> = await request.post(apiUrl, createPayload, {
+          headers: {
+            "Content-Type": "application/json",
+            Authorization: `Bearer ${apiToken}`
+          }
+        });
+
+        handleZabbixResponse(response);
+      }
+    } catch (error) {
+      throw new SecretSyncError({
+        error: error instanceof Error ? error : new Error(`Failed to sync secret ${key}`)
+      });
+    }
+  }
+};
+
+const deleteZabbixSecrets = async (
+  apiToken: string,
+  instanceUrl: string,
+  keys: string[],
+  hostId?: string
+): Promise<void> => {
+  if (keys.length === 0) return;
+
+  const apiUrl = `${instanceUrl.replace(TRAILING_SLASH_REGEX, "")}/api_jsonrpc.php`;
+
+  try {
+    // Get existing macros to find their IDs
+    const existingSecrets = await listZabbixSecrets(apiToken, instanceUrl, hostId);
+    const macroIds = existingSecrets
+      .filter((secret) => keys.includes(secret.macro))
+      .map((secret) => secret[hostId ? "hostmacroid" : "globalmacroid"])
+      .filter(Boolean);
+
+    if (macroIds.length === 0) return;
+
+    const payload = {
+      jsonrpc: "2.0" as const,
+      method: hostId ? "usermacro.delete" : "usermacro.deleteglobal",
+      params: macroIds,
+      id: 1
+    };
+
+    const response: ZabbixApiResponse<ZabbixMacroDeleteResponse> = await request.post(apiUrl, payload, {
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${apiToken}`
+      }
+    });
+
+    handleZabbixResponse(response);
+  } catch (error) {
+    throw new SecretSyncError({
+      error: error instanceof Error ? error : new Error("Failed to delete Zabbix secrets")
+    });
+  }
+};
+
+export const ZabbixSyncFns = {
+  syncSecrets: async (secretSync: TZabbixSyncWithCredentials, secretMap: TSecretMap) => {
+    const { connection, environment, destinationConfig } = secretSync;
+    const { apiToken, instanceUrl } = connection.credentials;
+    await blockLocalAndPrivateIpAddresses(instanceUrl);
+
+    const hostId = destinationConfig.scope === ZabbixSyncScope.Host ? destinationConfig.hostId : undefined;
+    let secrets: TZabbixSecret[] = [];
+    try {
+      secrets = await listZabbixSecrets(apiToken, instanceUrl, hostId);
+    } catch (error) {
+      throw new SecretSyncError({
+        error: error instanceof Error ? error : new Error("Failed to list Zabbix secrets")
+      });
+    }
+
+    try {
+      await putZabbixSecrets(apiToken, instanceUrl, secretMap, destinationConfig, secrets);
+    } catch (error) {
+      throw new SecretSyncError({
+        error: error instanceof Error ? error : new Error("Failed to sync secrets")
+      });
+    }
+
+    if (secretSync.syncOptions.disableSecretDeletion) return;
+
+    try {
+      const shapedSecretMapKeys = Object.keys(secretMap).map((key) => key.toUpperCase());
+
+      const keys = secrets
+        .filter(
+          (secret) =>
+            matchesSchema(secret.macro, environment?.slug || "", secretSync.syncOptions.keySchema) &&
+            !shapedSecretMapKeys.includes(extractMacroKey(secret.macro))
+        )
+        .map((secret) => secret.macro);
+
+      await deleteZabbixSecrets(apiToken, instanceUrl, keys, hostId);
+    } catch (error) {
+      throw new SecretSyncError({
+        error: error instanceof Error ? error : new Error("Failed to delete orphaned secrets")
+      });
+    }
+  },
+
+  removeSecrets: async (secretSync: TZabbixSyncWithCredentials, secretMap: TSecretMap) => {
+    const { connection, destinationConfig } = secretSync;
+    const { apiToken, instanceUrl } = connection.credentials;
+    await blockLocalAndPrivateIpAddresses(instanceUrl);
+
+    const hostId = destinationConfig.scope === ZabbixSyncScope.Host ? destinationConfig.hostId : undefined;
+
+    try {
+      const secrets = await listZabbixSecrets(apiToken, instanceUrl, hostId);
+
+      const shapedSecretMapKeys = Object.keys(secretMap).map((key) => key.toUpperCase());
+      const keys = secrets
+        .filter((secret) => shapedSecretMapKeys.includes(extractMacroKey(secret.macro)))
+        .map((secret) => secret.macro);
+
+      await deleteZabbixSecrets(apiToken, instanceUrl, keys, hostId);
+    } catch (error) {
+      throw new SecretSyncError({
+        error: error instanceof Error ? error : new Error("Failed to remove secrets")
+      });
+    }
+  },
+
+  getSecrets: async (secretSync: TZabbixSyncWithCredentials) => {
+    const { connection, destinationConfig } = secretSync;
+    const { apiToken, instanceUrl } = connection.credentials;
+    await blockLocalAndPrivateIpAddresses(instanceUrl);
+    const hostId = destinationConfig.scope === ZabbixSyncScope.Host ? destinationConfig.hostId : undefined;
+
+    try {
+      const secrets = await listZabbixSecrets(apiToken, instanceUrl, hostId);
+      return Object.fromEntries(
+        secrets.map((secret) => [
+          extractMacroKey(secret.macro),
+          { value: secret.value ?? "", comment: secret.description }
+        ])
+      );
+    } catch (error) {
+      throw new SecretSyncError({
+        error: error instanceof Error ? error : new Error("Failed to get secrets")
+      });
+    }
+  }
+};

backend/src/services/secret-sync/zabbix/zabbix-sync-schemas.ts

@@ -0,0 +1,67 @@
+import { z } from "zod";
+
+import { SecretSyncs } from "@app/lib/api-docs";
+import { AppConnection } from "@app/services/app-connection/app-connection-enums";
+import { SecretSync } from "@app/services/secret-sync/secret-sync-enums";
+import {
+  BaseSecretSyncSchema,
+  GenericCreateSecretSyncFieldsSchema,
+  GenericUpdateSecretSyncFieldsSchema
+} from "@app/services/secret-sync/secret-sync-schemas";
+import { TSyncOptionsConfig } from "@app/services/secret-sync/secret-sync-types";
+
+import { ZabbixSyncScope } from "./zabbix-sync-enums";
+
+const ZabbixSyncDestinationConfigSchema = z.discriminatedUnion("scope", [
+  z.object({
+    scope: z.literal(ZabbixSyncScope.Host).describe(SecretSyncs.DESTINATION_CONFIG.ZABBIX.scope),
+    hostId: z.string().trim().min(1, "Host required").max(255).describe(SecretSyncs.DESTINATION_CONFIG.ZABBIX.hostId),
+    hostName: z
+      .string()
+      .trim()
+      .min(1, "Host name required")
+      .max(255)
+      .describe(SecretSyncs.DESTINATION_CONFIG.ZABBIX.hostName),
+    macroType: z
+      .number()
+      .min(0, "Macro type required")
+      .max(1, "Macro type required")
+      .describe(SecretSyncs.DESTINATION_CONFIG.ZABBIX.macroType)
+  }),
+  z.object({
+    scope: z.literal(ZabbixSyncScope.Global).describe(SecretSyncs.DESTINATION_CONFIG.ZABBIX.scope),
+    macroType: z
+      .number()
+      .min(0, "Macro type required")
+      .max(1, "Macro type required")
+      .describe(SecretSyncs.DESTINATION_CONFIG.ZABBIX.macroType)
+  })
+]);
+
+const ZabbixSyncOptionsConfig: TSyncOptionsConfig = { canImportSecrets: true };
+
+export const ZabbixSyncSchema = BaseSecretSyncSchema(SecretSync.Zabbix, ZabbixSyncOptionsConfig).extend({
+  destination: z.literal(SecretSync.Zabbix),
+  destinationConfig: ZabbixSyncDestinationConfigSchema
+});
+
+export const CreateZabbixSyncSchema = GenericCreateSecretSyncFieldsSchema(
+  SecretSync.Zabbix,
+  ZabbixSyncOptionsConfig
+).extend({
+  destinationConfig: ZabbixSyncDestinationConfigSchema
+});
+
+export const UpdateZabbixSyncSchema = GenericUpdateSecretSyncFieldsSchema(
+  SecretSync.Zabbix,
+  ZabbixSyncOptionsConfig
+).extend({
+  destinationConfig: ZabbixSyncDestinationConfigSchema.optional()
+});
+
+export const ZabbixSyncListItemSchema = z.object({
+  name: z.literal("Zabbix"),
+  connection: z.literal(AppConnection.Zabbix),
+  destination: z.literal(SecretSync.Zabbix),
+  canImportSecrets: z.literal(true)
+});

backend/src/services/secret-sync/zabbix/zabbix-sync-types.ts

@@ -0,0 +1,75 @@
+import { z } from "zod";
+
+import { TZabbixConnection } from "@app/services/app-connection/zabbix";
+
+import { CreateZabbixSyncSchema, ZabbixSyncListItemSchema, ZabbixSyncSchema } from "./zabbix-sync-schemas";
+
+export type TZabbixSync = z.infer<typeof ZabbixSyncSchema>;
+export type TZabbixSyncInput = z.infer<typeof CreateZabbixSyncSchema>;
+export type TZabbixSyncListItem = z.infer<typeof ZabbixSyncListItemSchema>;
+
+export type TZabbixSyncWithCredentials = TZabbixSync & {
+  connection: TZabbixConnection;
+};
+
+export type TZabbixSecret = {
+  macro: string;
+  value: string;
+  description?: string;
+  globalmacroid?: string;
+  hostmacroid?: string;
+  hostid?: string;
+  type: number;
+  automatic?: string;
+};
+
+export interface ZabbixApiResponse<T = unknown> {
+  data: {
+    jsonrpc: "2.0";
+    result?: T;
+    error?: {
+      code: number;
+      message: string;
+      data?: string;
+    };
+    id: number;
+  };
+}
+
+export interface ZabbixMacroCreateResponse {
+  hostmacroids?: string[];
+  globalmacroids?: string[];
+}
+
+export interface ZabbixMacroUpdateResponse {
+  hostmacroids?: string[];
+  globalmacroids?: string[];
+}
+
+export interface ZabbixMacroDeleteResponse {
+  hostmacroids?: string[];
+  globalmacroids?: string[];
+}
+
+export enum ZabbixMacroType {
+  TEXT = 0,
+  SECRET = 1
+}
+
+export interface ZabbixMacroInput {
+  hostid?: string;
+  macro: string;
+  value: string;
+  description?: string;
+  type?: ZabbixMacroType;
+  automatic?: "0" | "1";
+}
+
+export interface ZabbixMacroUpdate {
+  hostmacroid?: string;
+  globalmacroid?: string;
+  value?: string;
+  description?: string;
+  type?: ZabbixMacroType;
+  automatic?: "0" | "1";
+}

cli/detect/cmd/scm/scm.go

@@ -35,6 +35,7 @@ const (
 	GitHubPlatform
 	GitLabPlatform
 	AzureDevOpsPlatform
+	BitBucketPlatform
 	// TODO: Add others.
 )
 
@@ -45,6 +46,7 @@ func (p Platform) String() string {
 		"github",
 		"gitlab",
 		"azuredevops",
+		"bitbucket",
 	}[p]
 }
 
@@ -60,6 +62,8 @@ func PlatformFromString(s string) (Platform, error) {
 		return GitLabPlatform, nil
 	case "azuredevops":
 		return AzureDevOpsPlatform, nil
+	case "bitbucket":
+		return BitBucketPlatform, nil
 	default:
 		return UnknownPlatform, fmt.Errorf("invalid scm platform value: %s", s)
 	}

cli/detect/git.go

@@ -208,6 +208,8 @@ func platformFromHost(u *url.URL) scm.Platform {
 		return scm.GitLabPlatform
 	case "dev.azure.com", "visualstudio.com":
 		return scm.AzureDevOpsPlatform
+	case "bitbucket.org":
+		return scm.BitBucketPlatform
 	default:
 		return scm.UnknownPlatform
 	}

cli/detect/utils.go

@@ -112,6 +112,15 @@ func createScmLink(scmPlatform scm.Platform, remoteUrl string, finding report.Fi
 		// This is a bit dirty, but Azure DevOps does not highlight the line when the lineStartColumn and lineEndColumn are not provided
 		link += "&lineStartColumn=1&lineEndColumn=10000000&type=2&lineStyle=plain&_a=files"
 		return link
+	case scm.BitBucketPlatform:
+		link := fmt.Sprintf("%s/src/%s/%s", remoteUrl, finding.Commit, filePath)
+		if finding.StartLine != 0 {
+			link += fmt.Sprintf("#lines-%d", finding.StartLine)
+		}
+		if finding.EndLine != finding.StartLine {
+			link += fmt.Sprintf(":%d", finding.EndLine)
+		}
+		return link
 	default:
 		// This should never happen.
 		return ""

cli/packages/cmd/scan.go

@@ -337,9 +337,7 @@ var scanCmd = &cobra.Command{
 			if gitCmd, err = sources.NewGitLogCmd(source, logOpts); err != nil {
 				logging.Fatal().Err(err).Msg("could not create Git cmd")
 			}
-			if scmPlatform, err = scm.PlatformFromString("github"); err != nil {
-				logging.Fatal().Err(err).Send()
-			}
+			scmPlatform = scm.UnknownPlatform
 			remote = detect.NewRemoteInfo(scmPlatform, source)
 
 			if findings, err = detector.DetectGit(gitCmd, remote); err != nil {

docs/api-reference/endpoints/app-connections/zabbix/available.mdx

@@ -0,0 +1,4 @@
+---
+title: "Available"
+openapi: "GET /api/v1/app-connections/zabbix/available"
+---

docs/api-reference/endpoints/app-connections/zabbix/create.mdx

@@ -0,0 +1,8 @@
+---
+title: "Create"
+openapi: "POST /api/v1/app-connections/zabbix"
+---
+
+<Note>
+    Check out the configuration docs for [Zabbix Connections](/integrations/app-connections/zabbix) to learn how to obtain the required credentials.
+</Note>

docs/api-reference/endpoints/app-connections/zabbix/delete.mdx

@@ -0,0 +1,4 @@
+---
+title: "Delete"
+openapi: "DELETE /api/v1/app-connections/zabbix/{connectionId}"
+---

docs/api-reference/endpoints/app-connections/zabbix/get-by-id.mdx

@@ -0,0 +1,4 @@
+---
+title: "Get by ID"
+openapi: "GET /api/v1/app-connections/zabbix/{connectionId}"
+---

docs/api-reference/endpoints/app-connections/zabbix/get-by-name.mdx

@@ -0,0 +1,4 @@
+---
+title: "Get by Name"
+openapi: "GET /api/v1/app-connections/zabbix/connection-name/{connectionName}"
+---

docs/api-reference/endpoints/app-connections/zabbix/list.mdx

@@ -0,0 +1,4 @@
+---
+title: "List"
+openapi: "GET /api/v1/app-connections/zabbix"
+---

docs/api-reference/endpoints/app-connections/zabbix/update.mdx

@@ -0,0 +1,8 @@
+---
+title: "Update"
+openapi: "PATCH /api/v1/app-connections/zabbix/{connectionId}"
+---
+
+<Note>
+    Check out the configuration docs for [Zabbix Connections](/integrations/app-connections/zabbix) to learn how to obtain the required credentials.
+</Note>

docs/api-reference/endpoints/secret-syncs/zabbix/create.mdx

@@ -0,0 +1,4 @@
+---
+title: "Create"
+openapi: "POST /api/v1/secret-syncs/zabbix"
+---

docs/api-reference/endpoints/secret-syncs/zabbix/delete.mdx

@@ -0,0 +1,4 @@
+---
+title: "Delete"
+openapi: "DELETE /api/v1/secret-syncs/zabbix/{syncId}"
+---

docs/api-reference/endpoints/secret-syncs/zabbix/get-by-id.mdx

@@ -0,0 +1,4 @@
+---
+title: "Get by ID"
+openapi: "GET /api/v1/secret-syncs/zabbix/{syncId}"
+---

docs/api-reference/endpoints/secret-syncs/zabbix/get-by-name.mdx

@@ -0,0 +1,4 @@
+---
+title: "Get by Name"
+openapi: "GET /api/v1/secret-syncs/zabbix/sync-name/{syncName}"
+---

docs/api-reference/endpoints/secret-syncs/zabbix/import-secrets.mdx

@@ -0,0 +1,4 @@
+---
+title: "Import Secrets"
+openapi: "POST /api/v1/secret-syncs/zabbix/{syncId}/import-secrets"
+---

docs/api-reference/endpoints/secret-syncs/zabbix/list.mdx

@@ -0,0 +1,4 @@
+---
+title: "List"
+openapi: "GET /api/v1/secret-syncs/zabbix"
+---

docs/api-reference/endpoints/secret-syncs/zabbix/remove-secrets.mdx

@@ -0,0 +1,4 @@
+---
+title: "Remove Secrets"
+openapi: "POST /api/v1/secret-syncs/zabbix/{syncId}/remove-secrets"
+---

docs/api-reference/endpoints/secret-syncs/zabbix/sync-secrets.mdx

@@ -0,0 +1,4 @@
+---
+title: "Sync Secrets"
+openapi: "POST /api/v1/secret-syncs/zabbix/{syncId}/sync-secrets"
+---

docs/api-reference/endpoints/secret-syncs/zabbix/update.mdx

@@ -0,0 +1,4 @@
+---
+title: "Update"
+openapi: "PATCH /api/v1/secret-syncs/zabbix/{syncId}"
+---

docs/docs.json

@@ -490,7 +490,8 @@
                   "integrations/app-connections/teamcity",
                   "integrations/app-connections/terraform-cloud",
                   "integrations/app-connections/vercel",
-                  "integrations/app-connections/windmill"
+                  "integrations/app-connections/windmill",
+                  "integrations/app-connections/zabbix"
                 ]
               }
             ]
@@ -523,7 +524,8 @@
                   "integrations/secret-syncs/teamcity",
                   "integrations/secret-syncs/terraform-cloud",
                   "integrations/secret-syncs/vercel",
-                  "integrations/secret-syncs/windmill"
+                  "integrations/secret-syncs/windmill",
+                  "integrations/secret-syncs/zabbix"
                 ]
               }
             ]
@@ -1521,6 +1523,18 @@
                       "api-reference/endpoints/app-connections/windmill/update",
                       "api-reference/endpoints/app-connections/windmill/delete"
                     ]
+                  },
+                  {
+                    "group": "Zabbix",
+                    "pages": [
+                      "api-reference/endpoints/app-connections/zabbix/list",
+                      "api-reference/endpoints/app-connections/zabbix/available",
+                      "api-reference/endpoints/app-connections/zabbix/get-by-id",
+                      "api-reference/endpoints/app-connections/zabbix/get-by-name",
+                      "api-reference/endpoints/app-connections/zabbix/create",
+                      "api-reference/endpoints/app-connections/zabbix/update",
+                      "api-reference/endpoints/app-connections/zabbix/delete"
+                    ]
                   }
                 ]
               },
@@ -1827,6 +1841,20 @@
                       "api-reference/endpoints/secret-syncs/windmill/import-secrets",
                       "api-reference/endpoints/secret-syncs/windmill/remove-secrets"
                     ]
+                  },
+                  {
+                    "group": "Zabbix",
+                    "pages": [
+                      "api-reference/endpoints/secret-syncs/zabbix/list",
+                      "api-reference/endpoints/secret-syncs/zabbix/get-by-id",
+                      "api-reference/endpoints/secret-syncs/zabbix/get-by-name",
+                      "api-reference/endpoints/secret-syncs/zabbix/create",
+                      "api-reference/endpoints/secret-syncs/zabbix/update",
+                      "api-reference/endpoints/secret-syncs/zabbix/delete",
+                      "api-reference/endpoints/secret-syncs/zabbix/sync-secrets",
+                      "api-reference/endpoints/secret-syncs/zabbix/import-secrets",
+                      "api-reference/endpoints/secret-syncs/zabbix/remove-secrets"
+                    ]
                   }
                 ]
               },

docs/integrations/app-connections/zabbix.mdx

@@ -0,0 +1,101 @@
+---
+title: "Zabbix Connection"
+description: "Learn how to configure a Zabbix Connection for Infisical."
+---
+
+Infisical supports the use of [API Tokens](https://www.zabbix.com/documentation/current/en/manual/web_interface/frontend_sections/users/api_tokens) to connect with Zabbix.
+
+## Create Zabbix API Token
+
+<Steps>
+    <Step title="Navigate to 'API Tokens'">
+        ![Dashboard Page](/images/app-connections/zabbix/zabbix-dashboard.png)
+    </Step>
+    <Step title="Click 'Create API Token'">
+        ![Click Create Token](/images/app-connections/zabbix/zabbix-api-token-list.png)
+    </Step>
+    <Step title="Provide Token Information">
+        Ensure that you give this token access to the correct app, then click 'Create Token'.
+
+        ![Create Token Page](/images/app-connections/zabbix/zabbix-api-token-form.png)
+    </Step>
+    <Step title="Save Token">
+        After clicking 'Create Token', a modal containing your access token will appear. Save this token for later steps.
+        ![Copy Token Modal](/images/app-connections/zabbix/zabbix-api-token-generated.png)
+    </Step>
+</Steps>
+
+## Create Zabbix Connection in Infisical
+
+<Tabs>
+    <Tab title="Infisical UI">
+        <Steps>
+            <Step title="Navigate to App Connections">
+                In your Infisical dashboard, go to **Organization Settings** and select the [**App Connections**](https://app.infisical.com/organization/app-connections) tab.
+
+                ![App Connections Tab](/images/app-connections/general/add-connection.png)
+            </Step>
+            <Step title="Select Zabbix Connection">
+                Click the **+ Add Connection** button and select the **Zabbix Connection** option from the available integrations.
+
+                ![Select Zabbix Connection](/images/app-connections/zabbix/zabbix-app-connection-option.png)
+            </Step>
+            <Step title="Fill out the Zabbix Connection Modal">
+                Complete the Zabbix Connection form by entering:
+                - A descriptive name for the connection
+                - An optional description for future reference
+                - The Zabbix URL for your instance
+                - The API Token from earlier steps
+
+                ![Zabbix Connection Modal](/images/app-connections/zabbix/zabbix-app-connection-form.png)
+            </Step>
+            <Step title="Connection Created">
+                After clicking Create, your **Zabbix Connection** is established and ready to use with your Infisical projects.
+
+                ![Zabbix Connection Created](/images/app-connections/zabbix/zabbix-app-connection-generated.png)
+            </Step>
+        </Steps>
+    </Tab>
+    <Tab title="API">
+        To create a Zabbix Connection, make an API request to the [Create Zabbix Connection](/api-reference/endpoints/app-connections/zabbix/create) API endpoint.
+
+        ### Sample request
+
+        ```bash Request
+        curl    --request POST \
+                --url https://app.infisical.com/api/v1/app-connections/zabbix \
+                --header 'Content-Type: application/json' \
+                --data '{
+                    "name": "my-zabbix-connection",
+                    "method": "api-token",
+                    "credentials": {
+                        "apiToken": "[API TOKEN]",
+                        "instanceUrl": "https://zabbix.example.com"
+                    }
+                }'
+        ```
+
+        ### Sample response
+
+        ```bash Response
+        {
+          "appConnection": {
+              "id": "e5d18aca-86f7-4026-a95e-efb8aeb0d8e6",
+              "name": "my-zabbix-connection",
+              "description": null,
+              "version": 1,
+              "orgId": "6f03caa1-a5de-43ce-b127-95a145d3464c",
+              "createdAt": "2025-04-23T19:46:34.831Z",
+              "updatedAt": "2025-04-23T19:46:34.831Z",
+              "isPlatformManagedCredentials": false,
+              "credentialsHash": "7c2d371dec195f82a6a0d5b41c970a229cfcaf88e894a5b6395e2dbd0280661f",
+              "app": "zabbix",
+              "method": "api-token",
+              "credentials": {
+                "instanceUrl": "https://zabbix.example.com"
+              }
+          }
+        }
+        ```
+    </Tab>
+</Tabs>

docs/integrations/secret-syncs/zabbix.mdx

@@ -0,0 +1,173 @@
+---
+title: "Zabbix Sync"
+description: "Learn how to configure a Zabbix Sync for Infisical."
+---
+
+**Prerequisites:**
+- Create a [Zabbix Connection](/integrations/app-connections/zabbix)
+
+<Tabs>
+    <Tab title="Infisical UI">
+        <Steps>
+            <Step title="Add Sync">
+                Navigate to **Project** > **Integrations** and select the **Secret Syncs** tab. Click on the **Add Sync** button.
+
+                ![Secret Syncs Tab](/images/secret-syncs/general/secret-sync-tab.png)
+            </Step>
+            <Step title="Select 'Zabbix'">
+                ![Select Zabbix](/images/secret-syncs/zabbix/select-option.png)
+            </Step>
+            <Step title="Configure source">
+                Configure the **Source** from where secrets should be retrieved, then click **Next**.
+
+                ![Configure Source](/images/secret-syncs/zabbix/configure-source.png)
+
+                - **Environment**: The project environment to retrieve secrets from.
+                - **Secret Path**: The folder path to retrieve secrets from.
+
+                <Tip>
+                    If you need to sync secrets from multiple folder locations, check out [secret imports](/documentation/platform/secret-reference#secret-imports).
+                </Tip>
+            </Step>
+            <Step title="Configure destination">
+                Configure the **Destination** to where secrets should be deployed, then click **Next**.
+
+                ![Configure Destination](/images/secret-syncs/zabbix/configure-destination.png)
+
+                - **Zabbix Connection**: The Zabbix Connection to authenticate with.
+                - **Scope**: The Zabbix scope to sync secrets to.
+                    - **Global**: Secrets will be synced globally.
+                    - **Host**: Secrets will be synced to the specified host.
+                - **Macro Type**: The type of macro to use when syncing secrets to Zabbix. Currently only **Text** and **Secret** macros are supported.
+                The remaining fields are determined by the selected **Scope**:
+                <AccordionGroup>
+                    <Accordion title="Host">
+                        - **Host**: The host to sync secrets to.
+                    </Accordion>
+                </AccordionGroup>
+            </Step>
+            <Step title="Configure Sync Options">
+                Configure the **Sync Options** to specify how secrets should be synced, then click **Next**.
+
+                ![Configure Options](/images/secret-syncs/zabbix/configure-sync-options.png)
+
+                - **Initial Sync Behavior**: Determines how Infisical should resolve the initial sync.
+                    - **Overwrite Destination Secrets**: Removes any secrets at the destination endpoint not present in Infisical.
+                    - **Import Secrets (Prioritize Infisical)**: Imports secrets from the destination endpoint before syncing, prioritizing values from Infisical over Zabbix when keys conflict.
+                    - **Import Secrets (Prioritize Zabbix)**: Imports secrets from the destination endpoint before syncing, prioritizing values from Zabbix over Infisical when keys conflict.
+                - **Key Schema**: Template that determines how secret names are transformed when syncing, using `{{secretKey}}` as a placeholder for the original secret name and `{{environment}}` for the environment.
+                <Note>
+                    We highly recommend using a Key Schema to ensure that Infisical only manages the specific keys you intend, keeping everything else untouched.
+                </Note>
+                - **Auto-Sync Enabled**: If enabled, secrets will automatically be synced from the source location when changes occur. Disable to enforce manual syncing only.
+                - **Disable Secret Deletion**: If enabled, Infisical will not remove secrets from the sync destination. Enable this option if you intend to manage some secrets manually outside of Infisical.
+            </Step>
+            <Step title="Configure details">
+                Configure the **Details** of your Zabbix Sync, then click **Next**.
+
+                ![Configure Details](/images/secret-syncs/zabbix/configure-details.png)
+
+                - **Name**: The name of your sync. Must be slug-friendly.
+                - **Description**: An optional description for your sync.
+            </Step>
+            <Step title="Review configuration">
+                Review your Zabbix Sync configuration, then click **Create Sync**.
+
+                ![Review Configuration](/images/secret-syncs/zabbix/review-configuration.png)
+            </Step>
+            <Step title="Sync created">
+                If enabled, your Zabbix Sync will begin syncing your secrets to the destination endpoint.
+
+                ![Sync Created](/images/secret-syncs/zabbix/sync-created.png)
+            </Step>
+        </Steps>
+    </Tab>
+    <Tab title="API">
+        To create a **Zabbix Sync**, make an API request to the [Create Zabbix Sync](/api-reference/endpoints/secret-syncs/zabbix/create) API endpoint.
+
+        ### Sample request
+
+        ```bash Request
+        curl    --request POST \
+                --url https://app.infisical.com/api/v1/secret-syncs/zabbix \
+                --header 'Content-Type: application/json' \
+                --data '{
+                    "name": "my-zabbix-sync",
+                    "projectId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
+                    "description": "an example sync",
+                    "connectionId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
+                    "environment": "dev",
+                    "secretPath": "/my-secrets",
+                    "isEnabled": true,
+                    "syncOptions": {
+                        "initialSyncBehavior": "overwrite-destination",
+                        "autoSyncEnabled": true,
+                        "disableSecretDeletion": false
+                    },
+                    "destinationConfig": {
+                        "scope": "host",
+                        "hostId": "my-zabbix-host",
+                        "hostName": "my-zabbix-host",
+                        "macroType": 0
+                    }
+                }'
+        ```
+
+        ### Sample response
+
+        ```bash Response
+        {
+            "secretSync": {
+                "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
+                "name": "my-zabbix-sync",
+                "description": "an example sync",
+                "isEnabled": true,
+                "version": 1,
+                "folderId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
+                "connectionId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
+                "createdAt": "2023-11-07T05:31:56Z",
+                "updatedAt": "2023-11-07T05:31:56Z",
+                "syncStatus": "succeeded",
+                "lastSyncJobId": "123",
+                "lastSyncMessage": null,
+                "lastSyncedAt": "2023-11-07T05:31:56Z",
+                "importStatus": null,
+                "lastImportJobId": null,
+                "lastImportMessage": null,
+                "lastImportedAt": null,
+                "removeStatus": null,
+                "lastRemoveJobId": null,
+                "lastRemoveMessage": null,
+                "lastRemovedAt": null,
+                "syncOptions": {
+                    "initialSyncBehavior": "overwrite-destination",
+                    "autoSyncEnabled": true,
+                    "disableSecretDeletion": false
+                },
+                "projectId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
+                "connection": {
+                    "app": "zabbix",
+                    "name": "my-zabbix-connection",
+                    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a"
+                },
+                "environment": {
+                    "slug": "dev",
+                    "name": "Development",
+                    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a"
+                },
+                "folder": {
+                    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
+                    "path": "/my-secrets"
+                },
+                "destination": "zabbix",
+                "destinationConfig": {
+                  "scope": "host",
+                  "hostId": "my-zabbix-host",
+                  "hostName": "my-zabbix-host",
+                  "macroType": 0
+                }
+            }
+        }
+        ```
+    </Tab>
+</Tabs>

frontend/src/components/notifications/Notifications.tsx

@@ -65,6 +65,7 @@ export const createNotification = (
   toast(<NotificationContent {...myProps} />, {
     position: "bottom-right",
     ...toastProps,
+    autoClose: toastProps.autoClose || 15000,
     theme: "dark",
     type: myProps?.type || "info"
   });

frontend/src/components/secret-syncs/forms/SecretSyncDestinationFields/SecretSyncDestinationFields.tsx

@@ -25,6 +25,7 @@ import { TeamCitySyncFields } from "./TeamCitySyncFields";
 import { TerraformCloudSyncFields } from "./TerraformCloudSyncFields";
 import { VercelSyncFields } from "./VercelSyncFields";
 import { WindmillSyncFields } from "./WindmillSyncFields";
+import { ZabbixSyncFields } from "./ZabbixSyncFields";
 
 export const SecretSyncDestinationFields = () => {
   const { watch } = useFormContext<TSecretSyncForm>();
@@ -76,6 +77,8 @@ export const SecretSyncDestinationFields = () => {
       return <GitLabSyncFields />;
     case SecretSync.CloudflarePages:
       return <CloudflarePagesSyncFields />;
+    case SecretSync.Zabbix:
+      return <ZabbixSyncFields />;
     default:
       throw new Error(`Unhandled Destination Config Field: ${destination}`);
   }

frontend/src/components/secret-syncs/forms/SecretSyncDestinationFields/ZabbixSyncFields.tsx

@@ -0,0 +1,147 @@
+import { Controller, useFormContext, useWatch } from "react-hook-form";
+import { SingleValue } from "react-select";
+
+import { SecretSyncConnectionField } from "@app/components/secret-syncs/forms/SecretSyncConnectionField";
+import { FilterableSelect, FormControl, Select, SelectItem } from "@app/components/v2";
+import {
+  TZabbixHost,
+  useZabbixConnectionListHosts,
+  ZABBIX_SYNC_SCOPES,
+  ZabbixMacroType,
+  ZabbixSyncScope
+} from "@app/hooks/api/appConnections/zabbix";
+import { SecretSync } from "@app/hooks/api/secretSyncs";
+
+import { TSecretSyncForm } from "../schemas";
+
+export const ZabbixSyncFields = () => {
+  const { control, watch, setValue } = useFormContext<
+    TSecretSyncForm & { destination: SecretSync.Zabbix }
+  >();
+
+  const connectionId = useWatch({ name: "connection.id", control });
+  const currentScope = watch("destinationConfig.scope");
+
+  const { data: hosts = [], isPending: isHostsPending } = useZabbixConnectionListHosts(
+    connectionId,
+    {
+      enabled: Boolean(connectionId)
+    }
+  );
+
+  return (
+    <>
+      <SecretSyncConnectionField
+        onChange={() => {
+          setValue("destinationConfig.scope", ZabbixSyncScope.Global);
+          setValue("destinationConfig.hostId", "");
+          setValue("destinationConfig.hostName", "");
+        }}
+      />
+      <Controller
+        name="destinationConfig.scope"
+        control={control}
+        render={({ field: { value, onChange }, fieldState: { error } }) => (
+          <FormControl
+            errorText={error?.message}
+            isError={Boolean(error?.message)}
+            label="Scope"
+            tooltipClassName="max-w-lg py-3"
+            tooltipText={
+              <div className="flex flex-col gap-3">
+                <p>
+                  Specify how Infisical should manage secrets from Zabbix. The following options are
+                  available:
+                </p>
+                <ul className="flex list-disc flex-col gap-3 pl-4">
+                  {Object.values(ZABBIX_SYNC_SCOPES).map(({ name, description }) => {
+                    return (
+                      <li key={name}>
+                        <p className="text-mineshaft-300">
+                          <span className="font-medium text-bunker-200">{name}</span>: {description}
+                        </p>
+                      </li>
+                    );
+                  })}
+                </ul>
+              </div>
+            }
+          >
+            <Select
+              value={value}
+              onValueChange={(val) => {
+                onChange(val);
+                setValue("destinationConfig.hostId", "");
+                setValue("destinationConfig.hostName", "");
+              }}
+              className="w-full border border-mineshaft-500 capitalize"
+              position="popper"
+              placeholder="Select a scope..."
+              dropdownContainerClassName="max-w-none"
+            >
+              {Object.values(ZabbixSyncScope).map((scope) => (
+                <SelectItem className="capitalize" value={scope} key={scope}>
+                  {scope.replace("-", " ")}
+                </SelectItem>
+              ))}
+            </Select>
+          </FormControl>
+        )}
+      />
+      {currentScope === ZabbixSyncScope.Host && (
+        <Controller
+          name="destinationConfig.hostId"
+          control={control}
+          render={({ field: { value, onChange }, fieldState: { error } }) => (
+            <FormControl isError={Boolean(error)} errorText={error?.message} label="Host">
+              <FilterableSelect
+                menuPlacement="top"
+                isLoading={isHostsPending && Boolean(connectionId)}
+                isDisabled={!connectionId}
+                value={hosts.find((host) => host.hostId === value) ?? null}
+                onChange={(option) => {
+                  const selectedOption = option as SingleValue<TZabbixHost>;
+                  onChange(selectedOption?.hostId ?? null);
+
+                  if (selectedOption) {
+                    setValue("destinationConfig.hostName", selectedOption.host);
+                  } else {
+                    setValue("destinationConfig.hostName", "");
+                  }
+                }}
+                options={hosts}
+                placeholder="Select a host..."
+                getOptionLabel={(option) => option.host}
+                getOptionValue={(option) => option.hostId}
+              />
+            </FormControl>
+          )}
+        />
+      )}
+      <Controller
+        control={control}
+        name="destinationConfig.macroType"
+        defaultValue={ZabbixMacroType.Secret}
+        render={({ field: { onChange, value }, fieldState: { error } }) => (
+          <FormControl isError={Boolean(error)} errorText={error?.message} label="Macro Type">
+            <Select
+              value={String(value)}
+              onValueChange={(val) => onChange(parseInt(val, 10))}
+              className="w-full border border-mineshaft-500 capitalize"
+              position="popper"
+              placeholder="Select a macro type..."
+              dropdownContainerClassName="max-w-none"
+            >
+              <SelectItem value={String(ZabbixMacroType.Text)} key="text">
+                Text
+              </SelectItem>
+              <SelectItem value={String(ZabbixMacroType.Secret)} key="secret">
+                Secret
+              </SelectItem>
+            </Select>
+          </FormControl>
+        )}
+      />
+    </>
+  );
+};

frontend/src/components/secret-syncs/forms/SecretSyncOptionsFields/SecretSyncOptionsFields.tsx

@@ -23,6 +23,7 @@ export const SecretSyncOptionsFields = ({ hideInitialSync }: Props) => {
   const { control, watch } = useFormContext<TSecretSyncForm>();
 
   const destination = watch("destination");
+  const currentSyncOption = watch("syncOptions");
 
   const destinationName = SECRET_SYNC_MAP[destination].name;
 
@@ -57,6 +58,7 @@ export const SecretSyncOptionsFields = ({ hideInitialSync }: Props) => {
     case SecretSync.Flyio:
     case SecretSync.GitLab:
     case SecretSync.CloudflarePages:
+    case SecretSync.Zabbix:
       AdditionalSyncOptionsFieldsComponent = null;
       break;
     default:
@@ -127,8 +129,9 @@ export const SecretSyncOptionsFields = ({ hideInitialSync }: Props) => {
           {!syncOption?.canImportSecrets && (
             <p className="-mt-2.5 mb-2.5 text-xs text-yellow">
               <FontAwesomeIcon className="mr-1" size="xs" icon={faTriangleExclamation} />
-              {destinationName} only supports overwriting destination secrets. Secrets not present
-              in Infisical will be removed from the destination.
+              {destinationName} only supports overwriting destination secrets.{" "}
+              {!currentSyncOption.disableSecretDeletion &&
+                "Secrets not present in Infisical will be removed from the destination."}
             </p>
           )}
         </>

frontend/src/components/secret-syncs/forms/SecretSyncReviewFields/SecretSyncReviewFields.tsx

@@ -35,6 +35,7 @@ import { TeamCitySyncReviewFields } from "./TeamCitySyncReviewFields";
 import { TerraformCloudSyncReviewFields } from "./TerraformCloudSyncReviewFields";
 import { VercelSyncReviewFields } from "./VercelSyncReviewFields";
 import { WindmillSyncReviewFields } from "./WindmillSyncReviewFields";
+import { ZabbixSyncReviewFields } from "./ZabbixSyncReviewFields";
 
 export const SecretSyncReviewFields = () => {
   const { watch } = useFormContext<TSecretSyncForm>();
@@ -124,6 +125,9 @@ export const SecretSyncReviewFields = () => {
     case SecretSync.CloudflarePages:
       DestinationFieldsComponent = <CloudflarePagesSyncReviewFields />;
       break;
+    case SecretSync.Zabbix:
+      DestinationFieldsComponent = <ZabbixSyncReviewFields />;
+      break;
     default:
       throw new Error(`Unhandled Destination Review Fields: ${destination}`);
   }

frontend/src/components/secret-syncs/forms/SecretSyncReviewFields/ZabbixSyncReviewFields.tsx

@@ -0,0 +1,31 @@
+import { useFormContext } from "react-hook-form";
+
+import { TSecretSyncForm } from "@app/components/secret-syncs/forms/schemas";
+import { GenericFieldLabel } from "@app/components/v2";
+import { ZabbixSyncScope } from "@app/hooks/api/appConnections/zabbix";
+import { SecretSync } from "@app/hooks/api/secretSyncs";
+
+const isTextMacro = (macroType: number) => macroType === 0;
+
+export const ZabbixSyncReviewFields = () => {
+  const { watch } = useFormContext<TSecretSyncForm & { destination: SecretSync.Zabbix }>();
+  const scope = watch("destinationConfig.scope");
+  const hostId = watch("destinationConfig.hostId");
+  const hostName = watch("destinationConfig.hostName");
+  const macroType = watch("destinationConfig.macroType");
+
+  return (
+    <>
+      <GenericFieldLabel label="Scope">{scope}</GenericFieldLabel>
+      {scope === ZabbixSyncScope.Host && (
+        <>
+          <GenericFieldLabel label="Host ID">{hostId}</GenericFieldLabel>
+          <GenericFieldLabel label="Host Name">{hostName}</GenericFieldLabel>
+        </>
+      )}
+      <GenericFieldLabel label="Macro Type">
+        {isTextMacro(macroType) ? "Text" : "Secret"}
+      </GenericFieldLabel>
+    </>
+  );
+};

frontend/src/components/secret-syncs/forms/schemas/secret-sync-schema.ts

@@ -22,6 +22,7 @@ import { TeamCitySyncDestinationSchema } from "./teamcity-sync-destination-schem
 import { TerraformCloudSyncDestinationSchema } from "./terraform-cloud-destination-schema";
 import { VercelSyncDestinationSchema } from "./vercel-sync-destination-schema";
 import { WindmillSyncDestinationSchema } from "./windmill-sync-destination-schema";
+import { ZabbixSyncDestinationSchema } from "./zabbix-sync-destination-schema";
 
 const SecretSyncUnionSchema = z.discriminatedUnion("destination", [
   AwsParameterStoreSyncDestinationSchema,
@@ -45,7 +46,8 @@ const SecretSyncUnionSchema = z.discriminatedUnion("destination", [
   RenderSyncDestinationSchema,
   FlyioSyncDestinationSchema,
   GitlabSyncDestinationSchema,
-  CloudflarePagesSyncDestinationSchema
+  CloudflarePagesSyncDestinationSchema,
+  ZabbixSyncDestinationSchema
 ]);
 
 export const SecretSyncFormSchema = SecretSyncUnionSchema;

frontend/src/components/secret-syncs/forms/schemas/zabbix-sync-destination-schema.ts

@@ -0,0 +1,27 @@
+import { z } from "zod";
+
+import { BaseSecretSyncSchema } from "@app/components/secret-syncs/forms/schemas/base-secret-sync-schema";
+import { ZabbixMacroType, ZabbixSyncScope } from "@app/hooks/api/appConnections/zabbix";
+import { SecretSync } from "@app/hooks/api/secretSyncs";
+
+export const ZabbixSyncDestinationSchema = BaseSecretSyncSchema().merge(
+  z.object({
+    destination: z.literal(SecretSync.Zabbix),
+    destinationConfig: z.discriminatedUnion("scope", [
+      z.object({
+        scope: z.literal(ZabbixSyncScope.Host),
+        hostId: z.string().trim().min(1, "Host ID required"),
+        hostName: z.string().trim().min(1, "Host name required"),
+        macroType: z.nativeEnum(ZabbixMacroType, {
+          errorMap: () => ({ message: "Macro type must be either 'text' or 'secret'" })
+        })
+      }),
+      z.object({
+        scope: z.literal(ZabbixSyncScope.Global),
+        macroType: z.nativeEnum(ZabbixMacroType, {
+          errorMap: () => ({ message: "Macro type must be either 'text' or 'secret'" })
+        })
+      })
+    ])
+  })
+);

frontend/src/components/v2/HeaderResizer/HeaderResizer.tsx

@@ -0,0 +1,36 @@
+import { MouseEventHandler } from "react";
+
+export const HeaderResizer = ({
+  onMouseDown,
+  isActive,
+  scrollOffset,
+  heightOffset
+}: {
+  onMouseDown: MouseEventHandler<HTMLDivElement>;
+  isActive: boolean;
+  scrollOffset: number;
+  heightOffset: number;
+}) => {
+  return (
+    <>
+      <div
+        tabIndex={-1}
+        role="button"
+        className={`absolute left-0 z-40 h-0.5 w-full cursor-ns-resize hover:bg-blue-400/20 ${
+          isActive ? "bg-blue-400/75" : "bg-transparent"
+        }`}
+        onMouseDown={onMouseDown}
+        style={{
+          transform: "translateY(50%)",
+          top: heightOffset
+        }}
+      />
+      <div
+        style={{ left: `calc(50% + ${scrollOffset}px)`, top: heightOffset }}
+        className="pointer-events-none absolute z-30 -translate-x-1/2"
+      >
+        <div className="h-1 w-8 rounded bg-gray-400 opacity-50" />
+      </div>
+    </>
+  );
+};

frontend/src/components/v2/Table/Table.tsx

@@ -45,10 +45,14 @@ export const Table = ({ children, className }: TableProps): JSX.Element => (
 export type THeadProps = {
   children: ReactNode;
   className?: string;
+  style?: React.CSSProperties;
 };
 
-export const THead = ({ children, className }: THeadProps): JSX.Element => (
-  <thead className={twMerge("bg-mineshaft-800 text-xs uppercase text-bunker-300", className)}>
+export const THead = ({ children, className, style }: THeadProps): JSX.Element => (
+  <thead
+    className={twMerge("bg-mineshaft-800 text-xs uppercase text-bunker-300", className)}
+    style={style}
+  >
     {children}
   </thead>
 );
@@ -96,14 +100,16 @@ export const Tr = ({
 export type ThProps = {
   children?: ReactNode;
   className?: string;
+  style?: React.CSSProperties;
 };
 
-export const Th = ({ children, className }: ThProps): JSX.Element => (
+export const Th = ({ children, className, style }: ThProps): JSX.Element => (
   <th
     className={twMerge(
       "border-b-2 border-mineshaft-600 bg-mineshaft-800 px-5 pb-3.5 pt-4 font-semibold",
       className
     )}
+    style={style}
   >
     {children}
   </th>

frontend/src/helpers/appConnections.ts

@@ -37,7 +37,8 @@ import {
   TeamCityConnectionMethod,
   TerraformCloudConnectionMethod,
   VercelConnectionMethod,
-  WindmillConnectionMethod
+  WindmillConnectionMethod,
+  ZabbixConnectionMethod
 } from "@app/hooks/api/appConnections/types";
 import { HerokuConnectionMethod } from "@app/hooks/api/appConnections/types/heroku-connection";
 import { OCIConnectionMethod } from "@app/hooks/api/appConnections/types/oci-connection";
@@ -88,7 +89,8 @@ export const APP_CONNECTION_MAP: Record<
   [AppConnection.Render]: { name: "Render", image: "Render.png" },
   [AppConnection.Flyio]: { name: "Fly.io", image: "Flyio.svg" },
   [AppConnection.Gitlab]: { name: "GitLab", image: "GitLab.png" },
-  [AppConnection.Cloudflare]: { name: "Cloudflare", image: "Cloudflare.png" }
+  [AppConnection.Cloudflare]: { name: "Cloudflare", image: "Cloudflare.png" },
+  [AppConnection.Zabbix]: { name: "Zabbix", image: "Zabbix.png" }
 };
 
 export const getAppConnectionMethodDetails = (method: TAppConnection["method"]) => {
@@ -120,6 +122,7 @@ export const getAppConnectionMethodDetails = (method: TAppConnection["method"])
     case VercelConnectionMethod.ApiToken:
     case OnePassConnectionMethod.ApiToken:
     case CloudflareConnectionMethod.ApiToken:
+    case ZabbixConnectionMethod.ApiToken:
       return { name: "API Token", icon: faKey };
     case PostgresConnectionMethod.UsernameAndPassword:
     case MsSqlConnectionMethod.UsernameAndPassword:

frontend/src/helpers/secretSyncs.ts

@@ -81,6 +81,10 @@ export const SECRET_SYNC_MAP: Record<SecretSync, { name: string; image: string }
   [SecretSync.CloudflarePages]: {
     name: "Cloudflare Pages",
     image: "Cloudflare.png"
+  },
+  [SecretSync.Zabbix]: {
+    name: "Zabbix",
+    image: "Zabbix.png"
   }
 };
 
@@ -106,7 +110,8 @@ export const SECRET_SYNC_CONNECTION_MAP: Record<SecretSync, AppConnection> = {
   [SecretSync.Render]: AppConnection.Render,
   [SecretSync.Flyio]: AppConnection.Flyio,
   [SecretSync.GitLab]: AppConnection.Gitlab,
-  [SecretSync.CloudflarePages]: AppConnection.Cloudflare
+  [SecretSync.CloudflarePages]: AppConnection.Cloudflare,
+  [SecretSync.Zabbix]: AppConnection.Zabbix
 };
 
 export const SECRET_SYNC_INITIAL_SYNC_BEHAVIOR_MAP: Record<

frontend/src/hooks/api/appConnections/enums.ts

@@ -27,5 +27,6 @@ export enum AppConnection {
   Render = "render",
   Flyio = "flyio",
   Gitlab = "gitlab",
-  Cloudflare = "cloudflare"
+  Cloudflare = "cloudflare",
+  Zabbix = "zabbix"
 }

frontend/src/hooks/api/appConnections/types/app-options.ts

@@ -132,6 +132,10 @@ export type TCloudflareConnectionOption = TAppConnectionOptionBase & {
   app: AppConnection.Cloudflare;
 };
 
+export type TZabbixConnectionOption = TAppConnectionOptionBase & {
+  app: AppConnection.Zabbix;
+};
+
 export type TAppConnectionOption =
   | TAwsConnectionOption
   | TGitHubConnectionOption
@@ -159,7 +163,8 @@ export type TAppConnectionOption =
   | TRenderConnectionOption
   | TFlyioConnectionOption
   | TGitlabConnectionOption
-  | TCloudflareConnectionOption;
+  | TCloudflareConnectionOption
+  | TZabbixConnectionOption;
 
 export type TAppConnectionOptionMap = {
   [AppConnection.AWS]: TAwsConnectionOption;
@@ -191,4 +196,5 @@ export type TAppConnectionOptionMap = {
   [AppConnection.Flyio]: TFlyioConnectionOption;
   [AppConnection.Gitlab]: TGitlabConnectionOption;
   [AppConnection.Cloudflare]: TCloudflareConnectionOption;
+  [AppConnection.Zabbix]: TZabbixConnectionOption;
 };

frontend/src/hooks/api/appConnections/types/index.ts

@@ -29,6 +29,7 @@ import { TTeamCityConnection } from "./teamcity-connection";
 import { TTerraformCloudConnection } from "./terraform-cloud-connection";
 import { TVercelConnection } from "./vercel-connection";
 import { TWindmillConnection } from "./windmill-connection";
+import { TZabbixConnection } from "./zabbix-connection";
 
 export * from "./1password-connection";
 export * from "./auth0-connection";
@@ -59,6 +60,7 @@ export * from "./teamcity-connection";
 export * from "./terraform-cloud-connection";
 export * from "./vercel-connection";
 export * from "./windmill-connection";
+export * from "./zabbix-connection";
 
 export type TAppConnection =
   | TAwsConnection
@@ -89,7 +91,8 @@ export type TAppConnection =
   | TRenderConnection
   | TFlyioConnection
   | TGitLabConnection
-  | TCloudflareConnection;
+  | TCloudflareConnection
+  | TZabbixConnection;
 
 export type TAvailableAppConnection = Pick<TAppConnection, "name" | "id">;
 
@@ -146,4 +149,5 @@ export type TAppConnectionMap = {
   [AppConnection.Flyio]: TFlyioConnection;
   [AppConnection.Gitlab]: TGitLabConnection;
   [AppConnection.Cloudflare]: TCloudflareConnection;
+  [AppConnection.Zabbix]: TZabbixConnection;
 };

frontend/src/hooks/api/appConnections/types/zabbix-connection.ts

@@ -0,0 +1,14 @@
+import { AppConnection } from "@app/hooks/api/appConnections/enums";
+import { TRootAppConnection } from "@app/hooks/api/appConnections/types/root-connection";
+
+export enum ZabbixConnectionMethod {
+  ApiToken = "api-token"
+}
+
+export type TZabbixConnection = TRootAppConnection & { app: AppConnection.Zabbix } & {
+  method: ZabbixConnectionMethod.ApiToken;
+  credentials: {
+    apiToken: string;
+    instanceUrl: string;
+  };
+};

frontend/src/hooks/api/appConnections/zabbix/index.ts

@@ -0,0 +1,2 @@
+export * from "./queries";
+export * from "./types";

frontend/src/hooks/api/appConnections/zabbix/queries.tsx

@@ -0,0 +1,36 @@
+import { useQuery, UseQueryOptions } from "@tanstack/react-query";
+
+import { apiRequest } from "@app/config/request";
+
+import { appConnectionKeys } from "../queries";
+import { TZabbixHost } from "./types";
+
+const zabbixConnectionKeys = {
+  all: [...appConnectionKeys.all, "zabbix"] as const,
+  listHosts: (connectionId: string) => [...zabbixConnectionKeys.all, "hosts", connectionId] as const
+};
+
+export const useZabbixConnectionListHosts = (
+  connectionId: string,
+  options?: Omit<
+    UseQueryOptions<
+      TZabbixHost[],
+      unknown,
+      TZabbixHost[],
+      ReturnType<typeof zabbixConnectionKeys.listHosts>
+    >,
+    "queryKey" | "queryFn"
+  >
+) => {
+  return useQuery({
+    queryKey: zabbixConnectionKeys.listHosts(connectionId),
+    queryFn: async () => {
+      const { data } = await apiRequest.get<TZabbixHost[]>(
+        `/api/v1/app-connections/zabbix/${connectionId}/hosts`
+      );
+
+      return data;
+    },
+    ...options
+  });
+};

frontend/src/hooks/api/appConnections/zabbix/types.ts

@@ -0,0 +1,25 @@
+export type TZabbixHost = {
+  host: string;
+  hostId: string;
+};
+
+export enum ZabbixSyncScope {
+  Host = "host",
+  Global = "global"
+}
+
+export enum ZabbixMacroType {
+  Text = 0,
+  Secret = 1
+}
+
+export const ZABBIX_SYNC_SCOPES = {
+  [ZabbixSyncScope.Host]: {
+    name: "Host",
+    description: "Sync secrets to a specific host in Zabbix."
+  },
+  [ZabbixSyncScope.Global]: {
+    name: "Global",
+    description: "Sync secrets to a global scope in Zabbix."
+  }
+};