- Bug
- Resolution: Done
- Critical
- EAP71 1.1.0.GA, EAPCD 12.0.GA
So I've taken a look at our current Elytron configuration integration provided by cct_module/os-eap7-launch/added/launch/elytron.sh. Currently there are a few problems and enhancement options. Let's sum it up in points:
- Currently it's broken IMO because of:
<file path=\"${HTTPS_KEYSTORE}\" relative-to=\"${HTTPS_KEYSTORE_DIR}\"/>\n\
The relative-to attribute expects, AFAIK, a directory variable (and not a relative path) (check it here), and mounting the secret containing the keystore to a path in the server dir is not the way IMO.
- Second, I don't really understand this condition. Once I have HTTPS_PASSWORD (see the preceding condition in the source), why would I need to set HTTPS_KEY_PASSWORD as well? I am not sure whether the key-store should use a different password than the key-manager (maybe yes?).
- Finally, I don't really consider switching to Elytron smooth. I would expect to only set CONFIGURE_ELYTRON_SSL to true and have my app more or less working, but I need to provide all those variables, which doesn't reflect the original configuration described by https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html-single/red_hat_jboss_enterprise_application_platform_for_openshift/#https_env_variables.
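The relative-to point from the first item, as an added example that is not code from cct_module: Elytron's relative-to takes the name of a path known to the server (such as jboss.server.config.dir), so a launch script can emit an absolute path when HTTPS_KEYSTORE_DIR is a filesystem directory. The function names and the choice to resolve non-absolute values against jboss.server.config.dir are assumptions.

```shell
#!/bin/sh
# Added example (not from cct_module). Builds the <file> element of an
# Elytron key-store from HTTPS_KEYSTORE / HTTPS_KEYSTORE_DIR style inputs.
# Assumption: non-absolute locations resolve against jboss.server.config.dir.

# Escape characters that are special inside an XML attribute value.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' \
                           -e 's/>/\&gt;/g' -e 's/"/\&quot;/g'
}

# Usage: elytron_keystore_file KEYSTORE [KEYSTORE_DIR]
elytron_keystore_file() {
    keystore=$1
    dir=${2:-}
    if [ -z "$keystore" ]; then
        echo "keystore file name is required" >&2
        return 1
    fi
    # Join directory and file name; a missing directory leaves the name as is.
    if [ -n "$dir" ]; then
        full="${dir%/}/$keystore"
    else
        full=$keystore
    fi
    case "$full" in
        /*)
            # Absolute location (e.g. a mounted secret): no relative-to at all.
            printf '<file path="%s"/>\n' "$(xml_escape "$full")"
            ;;
        *)
            # Relative location: relative-to names a server path, not a directory.
            printf '<file path="%s" relative-to="jboss.server.config.dir"/>\n' \
                "$(xml_escape "$full")"
            ;;
    esac
}

# Stand-alone run: print the element for the current environment, if set.
if [ -n "${HTTPS_KEYSTORE:-}" ]; then
    elytron_keystore_file "$HTTPS_KEYSTORE" "${HTTPS_KEYSTORE_DIR:-}"
fi
```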
- blocks
  - CLOUD-2036 [SSO] Enable configuration of cipher suites (New)
- is related to
  - JBEAP-14486 [CD14] [OpenShift Doc] Document Elytron enablement and configuration (Closed)
- relates to
  - CLOUD-1932 [EAP71] Elytron configuration is missing for standalone-openshift.xml (Verified)
  - JBEAP-15332 [CD14] Incorrect HTTPS configuration section in OpenShift docs (Closed)