Observation in EAP6: Set <resolve-parameter-values>true</resolve-parameter-values> in jboss-cli.xml and execute cli script like ./jboss-cli.sh -c --file=../../cli/vault.cli --properties=../../cli/vault.properties and every expressions mentioned in vault.properties got resolved during execution. Output: [sidde@sidde configuration]$ ../../bin/jboss-cli.sh -c --file=../../cli/vault.cli --properties=../../cli/vault.properties {"outcome" => "success"} { "outcome" => "success", "result" => { "code" => undefined, "module" => undefined, "vault-options" => { "KEYSTORE_URL" => expression "${jboss.server.config.dir}/vault/vault.keystore", "KEYSTORE_PASSWORD" => "MASK-20z/5hRIeZClI0h6Wztl9Z", "KEYSTORE_ALIAS" => "vault", "SALT" => "12345678", "ITERATION_COUNT" => "50", "ENC_FILE_DIR" => expression "${jboss.server.config.dir}/vault/" } } } Observation in EAP7: Tried to execute the same in EAP7 by doing the same changes in jboss-cli.xml but while executing cli in same fashion, received below error [sidde@sidde bin]$ ./jboss-cli.sh -c --file=../cli/vault.cli --properties=../cli/vault.properties { "outcome" => "failed", "failure-description" => "WFLYCTL0211: Cannot resolve expression '${vault.keystore.url}'", "rolled-back" => true } Below are the files for reference vault.cli: /core-service=vault:add( \ vault-options=[ \ ("KEYSTORE_URL" => "${vault.keystore.url}"), \ ("KEYSTORE_PASSWORD" => "${vault.keystore.password}"), \ ("KEYSTORE_ALIAS" => "${vault.keystore.alias}"), \ ("SALT" => "${vault.salt}"), \ ("ITERATION_COUNT" => "${vault.iteration}"), \ ("ENC_FILE_DIR" => "${vault.encfiledir}") \ ] \ ) /core-service=vault:read-resource(recursive=true) vault.properties: vault.keystore.url=${jboss.server.config.dir}/vault/vault.keystore vault.keystore.password=MASK-20z/5hRIeZClI0h6Wztl9Z vault.keystore.alias=vault vault.salt=12345678 vault.iteration=50 vault.encfiledir=${jboss.server.config.dir}/vault/

Load the properties during startup (standalone.sh -P vault.properties) and execute the cli, which will give successful execution and internally resolves the expressions. However we will not able to view the actual value through cli, it will show the expressions only, where in EAP6 these expressions are replaced by actual value from property file after execution. [sidde@sidde bin]$ ./jboss-cli.sh -c --file=../cli/vault.cli {"outcome" => "success"} { "outcome" => "success", "result" => { "code" => undefined, "module" => undefined, "vault-options" => { "KEYSTORE_URL" => expression "${vault.keystore.url}", "KEYSTORE_PASSWORD" => expression "${vault.keystore.password}", "KEYSTORE_ALIAS" => expression "${vault.keystore.alias}", "SALT" => expression "${vault.salt}", "ITERATION_COUNT" => expression "${vault.iteration}", "ENC_FILE_DIR" => expression "${vault.encfiledir}" } } }