···

       
108
       
108
       
 
       
              ++ lib.optional cfg.proxied "--proxied";

     

       
109
       
109
       
 
       
          in

     

       
110
       
110
       
 
       
          ''

     

       
111
       
111
       
-
       
            export CLOUDFLARE_API_TOKEN=$(< "''${CREDENTIALS_DIRECTORY}/apiToken")

     

       
111
       
111
       
+
       
            export CLOUDFLARE_API_TOKEN_FILE=''${CREDENTIALS_DIRECTORY}/apiToken

     

       
112
       
112
       
 
       


     

       
113
       
113
       
 
       
            # Added 2025-03-10: `cfg.apiTokenFile` used to be passed as an

     

       
114
       
114
       
 
       
            # `EnvironmentFile` to the service, which required it to be of

     

       
115
       
115
       
 
       
            # the form "CLOUDFLARE_API_TOKEN=" rather than just the secret.

     

       
116
       
116
       
 
       
            # If we detect this legacy usage, error out.

     

       
117
       
117
       
-
       
            if [[ $CLOUDFLARE_API_TOKEN == CLOUDFLARE_API_TOKEN* ]]; then

     

       
117
       
117
       
+
       
            token=$(< "''${CLOUDFLARE_API_TOKEN_FILE}")

     

       
118
       
118
       
+
       
            if [[ $token == CLOUDFLARE_API_TOKEN* ]]; then

     

       
118
       
119
       
 
       
              echo "Error: your api token starts with 'CLOUDFLARE_API_TOKEN='. Remove that, and instead specify just the token." >&2

     

       
119
       
120
       
 
       
              exit 1

     

       
120
       
121
       
 
       
            fi