Stian,
I have no affiliation with Ansible, but you do ... since recently :-)

What I do is:
1. I configured KC with passwords, URLs for the apps, certificates, Facebook tokens, etc.
2 I exported it into json dump files.
3. I repeated  1-2 until I had enough data for DEV, QA and PROD -  all different environments . Note that some parts of the exports remain the same - roles, groups.
4. I templetized the exported json files so that Ansible can substitute the environment sensitive bits and deploy to DEV, QA and PROD.

Same applies to the wildfly's standalone.xml - parametrize different versions for DEV, QA, PROD.

It is royal pain to create the J2 templates, initially, but not as much as trying to do it with jboss-cli (which I tried too, the Infinispan KC jboss cli script killed me!).

None of this is ideal , but expecting devops to click around HTML UIs  or manually hack xml/json these days is not OK.

Docker by itself is too weak for this sort of deep  configurations. 1.9 adds parameters, one can use env variables, but otherwise you are left with shell scripting/perl, regex in your Dockerfile ...

This still might sounds like an overkill, but when you add jgroups, cluster, network interfaces ,databases , firewall.... You start to realize why Red Hat acquired Ansible :-)

/Hristo Stoyanov