Identity awareness in Service Mesh

I’m looking to handle authN through the Service Mesh. I need to be aware of the identity of specific containers, but because of the nature of these containers, I need to not rely on the service within to self-identify. What I’m hoping is that perhaps Consul can somehow pass on mTLS identity to the service these containers are connecting to? Fwiw, my stack also includes Nomad and Vault.