Lisa, we will be doing this in the next few weeks. Have you tried and experienced issues? I'd be interested in any feedback from your efforts.
For all, we have a working CyberArk plug-in that will use a <sid>adm login account to execute a brconnect command to change the password for BRT$ADM on the SAP databases. The CyberArk setup requires a couple of vault entries to make this work.