Use Vault Secrets on Pull Request Trigger

I am using Drone 0.8 enterprise edition and trying to publish a container to a private registry for testing. The trigger for this step is a pull request and my secret is stored in Vault but my username is not. I understand that secrets are not made available for pull requests by default but this can be changed via the CLI. I also realized that the docs describe how to enable a secret to be used for pull requests only if that secret is stored within Drone and not Vault. Is there any way to enable a secret stored in Vault to be used when triggered by pull requests?

The step that gets triggered by the pull request is as shown below (with some identifying info removed):

    when:
      event: [ pull_request ]
    image: plugins/docker:17.05
    dockerfile: Dockerfile
    username: myusername
    secrets:
      - source: artifactory_password
        target: docker_password

The secrets section is as follows:

        path: secret/shared/tap/drone-secrets/yadayada

I assume my credentials are not being passed to the container because when the step above runs and fails I see the following line in the output:

    Registry credentials not provided. Guest mode enabled.

Is there anything I am missing?

Yes, you can add a special event attribute to your vault secret to enumerate the events that can have access to the secret:

Thanks! Will do the changes and provide an update on how it goes. This may take a while since we have an entirely separate team that manages our secrets and Vault.