Today only actor values are captured in audit logs. It would be useful to link personal access tokens to the users that created them, and track usage from these tokens for auditing purposes. Currently, there is no way to track what user has used ssh-rerun on the platform (if accessed by PAT token); if a user account is compromised, audit logs will not surface what user initiated the rerun or what they did with it.