Boundary vault integration - dynamic credential username_templating

Hi,

Regarding to boundary integrate with vault, when boundary credential store configure to use vault token to read the dynamic credentials from db connection in vault, it will pass “token” as user name to vault which configured a username_templating pattern to generate dynamic credential having username as “token_token_xxxxx”. Is there a way to pass user account who actually currently boundary authenticating through oidc method rather that “token” (somehow still be able to read credentials via token, but dynamic credential username-templating taking boundary oidc user account?)

Just trying to figure out how we can track dynamic credentials accessing DB if all user connect to backend db through
“boundary connect --target-id xxxx” as boundary controller will return same pattern of vault dynamic credentials without real user account name, then how to track/audit db activities for those users (even before they being removed after credential expired)?

Can anyone please help with this? Thanks…