How can I create a Vault template policy referencing Nomad job metadata?

Hi, teams I support are deploying workloads using Nomad and retrieving credentials from Vault using the Nomad Vault integration.

To simplify policy management I would like to be able to create a Vault template policy to allow services to access their own credentials from the KV store similar to the identity policy example in the policies guide.

Something like

path "secret/data/{{identity.entity.metadata.team}}/services/{{identity.entity.name}}/*" {
  capabilities = ["read", "list"]
}

And then grant team access via a team admin policy like

path "secret/data/{{identity.entity.metadata.team}}/services/+/*" {
  capabilities = ["create", "update", "patch", "read", "delete"]
}

I can’t find any information about how or if entity information is populated when Nomad generates a Vault job token. Is what I would like to do possible? Could you share some reference on what identity information is associated to the Vault token generated by Nomad, and how to associate metadata to the token?

Thank you :pray: