having passwords in config files as plain text is a concern. They either should be encrypted or should not be shown as plain text in config file i.e. can be taken from vault during runtime through a command. Apache Airflow provides this option through various _cmd config parameters.

https://airflow.apache.org/docs/stable/howto/set-config.html
 
In airflow we define a script as _cmd config parameter and airflow during runtime executes that scripts and gets db connection credentials.  
 
I request you to implement similar feature in Zabbix.