Zabbix Java Gateway supports SSL connections with auth, but currently Java arguments must be like this:

JAVA_OPTIONS="-Dcom.sun.management.jmxremote.ssl=true -Djavax.net.ssl.keyStore=/var/lib/zabbix/certs/zabbix_java_gateway.keystore -Djavax.net.ssl.keyStorePassword=changeit -Djavax.net.ssl.trustStore=/var/lib/zabbix/certs/zabbix_java_gateway.truststore -Djavax.net.ssl.trustStorePassword=changeit"

It is impossible to hide such password from "ps ax" command output, but Java has com.sun.management.jmxremote.ssl.config.file and com.sun.management.config.file arguments. Zabbix Java Gateway ignores these options and do not use them.