A bit late to the question but I believe the closest thing to your requirement is: https://github.com/scarolan/painless-password-rotation

Use a Powershell script to rotate the password every x hours and store it in vault. Authorised users in Vault can request the credentials.

This way you'll have an audit log within Vault of who acquired the credentials and a limited TTL for the credentials based upon your rotation above.

Not ideal but the closest if you really need users to RDP onto hosts.