Yaron Schneider

> +1 A little flavor on my use case. I have an outbound REST call and I had hoped to offload the creation of an OAuth token with client credentials...

> I like the idea of this in general. However, are you planning on still requiring some special steps by the client-side code or will it be done via something...

> Any idea if this going to make it into the v1.8 release? No, this will likely go into 1.9 or 1.10.

I recommend to not default to anything. `app-id` is a required annotation and the injector should log it and fail the injection.

It can be a Helm Chart value: zerotrust=true.

Yes, I think having cert-manager support will be of great help, especially towards auto-rotating root certs.

> Hi all 👋 > > I am a [cert-manager](https://github.com/cert-manager/cert-manager) maintainer, and would be keen to implement an integration 🙂 That would be great and highly appreciated! > As I...

@ItalyPaleAle what's the concern with Let's Encrypt and public endpoints? we allow Dapr to fetch secrets from public endpoints today, so I'm not sure why fetching a cert would be...

Dapr supports arbitrary fields in a custom CloudEvents envelope, so theoretically the publisher can just add all those fields to the CloudEvent message and these would be visible to subscribers....

Why can't this go under the dapr org?