Vault agent and X509v3 Extended Key Usage

hi i am trying to renew certs issued by vault with TLS Web Client Authentication pegged onto extended key usage. i have tried

{{ $hostname := env "HOSTNAME" }}
{{ $host := printf "common_name=%s" $hostname }}
{{- with pkiCert "my-ca/issue/server" $host "ttl=15780000" "ip_sans=127.0.0.1" "ext_key_usage=ExtKeyUsageClientAuth" -}}
{{ .Cert }}
{{ if .Key }}
{{ .Key | writeToFile "/opt/kes/host.key" "" "" "0664" }}
{{ if .CA }}
{{ .CA | writeToFile "/opt/kes/ca.crt" "" "" "0664"}}
{{ end }}
{{ end }}
{{ end }}

but i get

[WARN] vault.pki(maglabs-intermediate-ca/issue/server->/opt/kes/host.crt): Endpoint ignored these unrecognized parameters: [ext_key_usage]

is this ability missing from the agent?