diff --git a/globals/globals.go b/globals/globals.go
index e0abb6b27d..0f9dcc6eae 100644
--- a/globals/globals.go
+++ b/globals/globals.go
@@ -17,6 +17,7 @@ const (
 type (
 	ContextMaxRequestSizeType      struct{}
 	ContextOriginalRequestPathType struct{}
+	ContextAuthTokenPublicIdType   struct{}
 )
 
 var (
@@ -30,6 +31,10 @@ var (
 	// about clashing string identifiers
 	ContextMaxRequestSizeTypeKey ContextMaxRequestSizeType
 
+	// ContextAuthTokenPublicIdKey is a value to keep linters from complaining
+	// about clashing string identifiers
+	ContextAuthTokenPublicIdKey ContextAuthTokenPublicIdType
+
 	// ContextOriginalRequestPathTypeKey is a value to keep linters from complaining
 	// about clashing string identifiers
 	ContextOriginalRequestPathTypeKey ContextOriginalRequestPathType
diff --git a/internal/daemon/controller/handler.go b/internal/daemon/controller/handler.go
index d390cf1b61..d6f1dbdb45 100644
--- a/internal/daemon/controller/handler.go
+++ b/internal/daemon/controller/handler.go
@@ -411,6 +411,7 @@ func wrapHandlerWithCommonFuncs(h http.Handler, c *Controller, props HandlerProp
 		}
 
 		requestInfo.PublicId, requestInfo.EncryptedToken, requestInfo.TokenFormat = auth.GetTokenFromRequest(ctx, c.kms, r)
+		ctx = context.WithValue(ctx, globals.ContextAuthTokenPublicIdKey, requestInfo.PublicId)
 
 		if info, ok := event.RequestInfoFromContext(ctx); ok {
 			// piggyback some eventing fields with the auth info proto message