Tags: java, encryption, aes, initialization-vector

Do we need a random IV when we always use a random SecretKey for each AES/CBC encryption?


I understand that if we use the SAME SecretKey (byte array) for each AES/CBC encryption, we need to use a random IV for each encryption for better security.

But what if we always use a DIFFERENT secret key (generated by a random salt and the SAME password) for each AES/CBC encryption? Do we have to use a random IV for each encryption in that case? (Or can we just use a fixed zero IV in that case?) Thank you.


Solution

  • I understand that if we use the SAME SecretKey (byte array) for each AES/CBC encryption, we need to use a random IV for each encryption.

    That's not the precise definition. It should be impossible for an adversary to predict (part of) the IV value for CBC mode. That means that the IV must be randomized. That's somewhat different from random: you could use a counter, encrypt that, and use the result as IV.

    Usually, however, the IV is generated using a cryptographically secure random number generator.

    But what if we always use a DIFFERENT secret key (generated by a random salt and the SAME password) for each AES/CBC encryption? Do we have to use a random IV for each encryption? (Or just pass a fixed zero IV?)

    No, in that case you can indeed get away with any static IV. However, you could also decide to generate both the key and the IV from the password and salt (this is e.g. what OpenSSL does). Again, the IV is randomized rather than fully random.


    Beware that if you use PBKDF2 to derive the key and IV, you should make sure that the key + IV aren't larger than the output size of the hash that you use (otherwise the legitimate user has to perform twice the work compared to an attacker, with no benefit). So for AES-256 you'd have to use SHA-512 within PBKDF2.
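The following is an added example that puts the answer above into Java; it is not code from the question or the answer. It derives the AES-256 key and the CBC IV together from the password and a fresh random salt in a single PBKDF2-HMAC-SHA-512 call (48 bytes requested, which fits in one 64-byte HMAC-SHA-512 output, so the legitimate user and an attacker both compute exactly one PBKDF2 block), stores the salt in front of the ciphertext, and includes a small helper that shows why requesting the same 48 bytes from PBKDF2-HMAC-SHA-256 would double the legitimate user's work. The class and method names, the 16-byte salt, and the iteration count are illustrative choices; the iteration count in particular should be tuned to your hardware and threat model.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class PasswordAesCbc {
    private static final int SALT_BYTES = 16;   // illustrative choice
    private static final int KEY_BYTES = 32;    // AES-256
    private static final int IV_BYTES = 16;     // AES block size
    private static final int ITERATIONS = 600_000; // illustrative; tune for your hardware

    // PBKDF2 computes ceil(dkLen / hLen) PRF blocks. An attacker testing a password only
    // needs the first KEY_BYTES, so any extra block spent on the IV is wasted defender work.
    static int pbkdf2Blocks(int derivedBytes, int hashOutputBytes) {
        return (derivedBytes + hashOutputBytes - 1) / hashOutputBytes;
    }

    // Derive key || IV in one call. 48 bytes <= 64 bytes of HMAC-SHA-512 output: one block.
    static byte[] deriveKeyAndIv(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, (KEY_BYTES + IV_BYTES) * 8);
        SecretKeyFactory kdf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512");
        byte[] keyIv = kdf.generateSecret(spec).getEncoded();
        spec.clearPassword();
        return keyIv;
    }

    // Output layout: salt || ciphertext. The salt is public; with the password it is all
    // the decryptor needs, since the IV is re-derived rather than stored.
    static byte[] encrypt(char[] password, byte[] plaintext) throws Exception {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);          // fresh salt => fresh key and IV per message
        byte[] keyIv = deriveKeyAndIv(password, salt);
        SecretKey key = new SecretKeySpec(keyIv, 0, KEY_BYTES, "AES");
        IvParameterSpec iv = new IvParameterSpec(keyIv, KEY_BYTES, IV_BYTES);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, key, iv);
        byte[] ct = cipher.doFinal(plaintext);
        Arrays.fill(keyIv, (byte) 0);
        byte[] out = new byte[SALT_BYTES + ct.length];
        System.arraycopy(salt, 0, out, 0, SALT_BYTES);
        System.arraycopy(ct, 0, out, SALT_BYTES, ct.length);
        return out;
    }

    static byte[] decrypt(char[] password, byte[] blob) throws Exception {
        byte[] salt = Arrays.copyOfRange(blob, 0, SALT_BYTES);
        byte[] keyIv = deriveKeyAndIv(password, salt);
        SecretKey key = new SecretKeySpec(keyIv, 0, KEY_BYTES, "AES");
        IvParameterSpec iv = new IvParameterSpec(keyIv, KEY_BYTES, IV_BYTES);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, key, iv);
        byte[] pt = cipher.doFinal(blob, SALT_BYTES, blob.length - SALT_BYTES);
        Arrays.fill(keyIv, (byte) 0);
        return pt;
    }

    public static void main(String[] args) throws Exception {
        char[] password = "correct horse battery staple".toCharArray(); // constructed sample
        byte[] message = "attack at dawn".getBytes(StandardCharsets.UTF_8);

        byte[] first = encrypt(password, message);
        byte[] second = encrypt(password, message);
        // Same password and plaintext, but a different salt each time, so key, IV and
        // ciphertext all differ and nothing about the plaintext leaks across messages.
        System.out.println("ciphertexts differ: " + !Arrays.equals(first, second));
        System.out.println("round trip: " + new String(decrypt(password, first), StandardCharsets.UTF_8));

        // The caveat from the answer: 48 bytes from SHA-512 is one block, from SHA-256 it is two.
        System.out.println("PBKDF2 blocks with HMAC-SHA-512: " + pbkdf2Blocks(KEY_BYTES + IV_BYTES, 64));
        System.out.println("PBKDF2 blocks with HMAC-SHA-256: " + pbkdf2Blocks(KEY_BYTES + IV_BYTES, 32));
    }
}
```

Compile and run with `javac PasswordAesCbc.java && java PasswordAesCbc`; it uses only the JDK's built-in SunJCE provider. The design keeps the answer's point intact: the IV never has to be random on its own, because the random salt already makes the key and IV unpredictable for every message, and deriving both in one PBKDF2 call avoids giving the attacker a work-factor discount.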