RuntimeExpressionResolver does not fail upon seeing a vault expression if no VaultReader is present --------------------------------------------------------------------------------------------------- Key: WFCORE-2199 URL: https://issues.jboss.org/browse/WFCORE-2199 Project: WildFly Core Issue Type: Bug Components: Domain Management Reporter: Brian Stansberry Assignee: Brian Stansberry Priority: Minor If the server is unable to instantiate RuntimeVaultReader, which will be the case for the WildFly Core dist as it doesn't package the org.picketbox module needed by RuntimeVaultReader, then RuntimeExpressionResolver will ignore vault expressions, allowing the superclass to take over and process them. This will be done incorrectly, as the superclass will treat the first ':' in the vault expression as the delimiter between a system property name and the default value, resolving the expression to everything after that first ':'. So ${VAULT::datasources::password::123AB45CD} resolves to :datasources::password::123AB45CD Minor as the resolved value is unlikely to be useful, so there will be a failure. Possibly could be treated as an Enhancement. Fix would be for RuntimeExpressionResolver to check for the vault expression pattern and throw NoSuchItemException if found and not VaultReader is available.