the problem is not in the vault. You are trying to configure ssl connector for JBossWeb and it has one attribute called "password" for keystore password and another "ca-certificate-password" for trustore password.
Try to create two password in your vault for example using folowing commands:
keytool -genkey -alias vault -keystore ~/dev/as7/vault.jks -keyalg RSA -keysize 1024 -storepass vault22 -keypass vault22 -dname "CN=Picketbox vault,OU=picketbox,O=JBoss,L=chicago,ST=il,C=us"
./bin/vault.sh -k ~/dev/as7/vault.jks -p vault22 -e ~/dev/as7/vault -i 50 -s 12345678 -v vault -b first -a password -x mysupersecret
./bin/vault.sh -k ~/dev/as7/vault.jks -p vault22 -e ~/dev/as7/vault -i 50 -s 12345678 -v vault -b second -a password -x myevenmoresecret
Configure vault accoring to instructions on screen and use each VAULT::.... you got as your passwords in <ssl> connector attributes.
BTW: Using system properties to store passwords is not very secure, since any app can see it (I am sure you know this).