For Zabbix communication encryption, two types are supported:
Pre-shared key
Certificate-based encryption
The pre-shared key (PSK) type is very easy to set up but is likely harder to scale. Certificate-based encryption can be more complicated to set up but easier to manage on a larger scale and potentially more secure.
This encryption is supported between all Zabbix components—server, proxy, agent, and even zabbix_sender
and zabbix_get
.
For outgoing connections (such as server-to-agent or proxy-to-server), only one type may be used (no encryption, and PSK or certificate-based). For incoming connections, multiple types may be accepted. This way, an agent could work with encryption by default for active or passive items from the server and then work without encryption with zabbix_get
for debugging.