traefik: feat: Use Cloudflare API Tokens instead of API Key for security

traefik/docker-compose.yml

@@ -11,8 +11,10 @@ services:
     container_name: traefik
     restart: always
     environment:
-      - CF_API_EMAIL=${CF_API_EMAIL}
+      # - CF_API_EMAIL=${CF_API_EMAIL} # used with CF_API_KEY
-      - CF_API_KEY=${CF_API_KEY}
+      # - CF_API_KEY=${CF_API_KEY} # Global API Key, unsafe
+      - CF_ZONE_API_TOKEN=${CF_ZONE_API_TOKEN} # Zone / Zone / Read, scope across all zones
+      - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN} # Zone / DNS / Edit, scope to specific domain(s)
     volumes:
       - "/var/run/docker.sock:/var/run/docker.sock:ro"
       - "./acme.json:/acme.json"