When using Namespaces in Vault, there is no possibility to configure integration with Zabbix, since the query path will automatically add "data".

https://www.vaultproject.io/docs/enterprise/namespaces

Based on the documentation, when using Namespaces, the path to the secret will look like this ns1/ns2/zabbix/data/macros, there zabbix is engine. In the value of the zabbix macro, we should then specify the path to the secret like this ns1/ns2/zabbix/macros:some-secret, but since Zabbix automatically adds "data", then we have the next URL for query https://127.0.0.1:8200/v1/ns1/data/ns2/zabbix/zabbix/macros

In the log we can observe the following error:

In zbx_http_get() URL 'https://127.0.0.1:8200/v1/ns1/data/ns2/zabbix/macros'
End of zbx_http_get():SUCCEED
cannot get secrets for path "ns1/ns2/zabbix/macros": unsuccessful response code "403"

Since many large organizations use Vault as a service, it cannot be configured without Namespaces. Therefore, it would be worth removing the automatic addition of "DATA" to the path and slightly changing the documentation, explaining to users how they need to form a request, besides, this moment is already mentioned in the documentation, with manual testing using CURL

https://www.zabbix.com/documentation/current/en/manual/config/secrets#:~:text=get%20secret/zabbix-,%23%20Finally%20test%20with%20Curl%2C%20note%20that%20%22data%22%20need%20to%20be%20manually%20added%20after%20mount%20point%20and%20%22/v1%22%20before%20the%20mount%20point%2C%20also%20see%20%2D%2Dcapath%20parameter,-%24%20curl%20%2D%2Dheader%20%22X

zabbix version: Zabbix 5.4.10

vault version: 1.9.2+ent