Could CMEW make an API call to the Cyberark vault instead of just using the normal ID and password to access the MDB database?  The ID and password would then be supplied by the vault system to log on to the DB server. 

Release : 18.1

Component : CA CM Enterprise Workbench R12

No CMEW cannot do that.

Customer can write their own program to call that product's API, then write those credentials into CMEW's cfg file. After which Tomcat restart would be required, which can also be done programmatically.