If the server is unable to instantiate RuntimeVaultReader, which will be the case for the WildFly Core dist as it doesn't package the org.picketbox module needed by RuntimeVaultReader, then RuntimeExpressionResolver will ignore vault expressions, allowing the superclass to take over and process them. This will be done incorrectly, as the superclass will treat the first ':' in the vault expression as the delimiter between a system property name and the default value, resolving the expression to everything after that first ':'. So

${VAULT::datasources::password::123AB45CD}

resolves to

:datasources::password::123AB45CD

Minor as the resolved value is unlikely to be useful, so there will be a failure.

Possibly could be treated as an Enhancement.

Fix would be for RuntimeExpressionResolver to check for the vault expression pattern and throw NoSuchItemException if found and not VaultReader is available.