diff --git a/.github/workflows/clean.yml b/.github/workflows/clean.yml
index 5dcaf17..75cc6a3 100644
--- a/.github/workflows/clean.yml
+++ b/.github/workflows/clean.yml
@@ -23,8 +23,7 @@ jobs:
           CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
           CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
           ZONE_ID: ${{ secrets.ZONE_ID }}
-          AUTH_KEY: ${{ secrets.AUTH_KEY }}
-          AUTH_EMAIL: ${{ secrets.AUTH_EMAIL }}
+          POLYKEY_DOCS_CLOUDFLARE_CLEANUP_TOKEN: ${{ secrets.POLYKEY_DOCS_CLOUDFLARE_CLEANUP_TOKEN }}
         run: |
           echo 'Perform service deployment for feature'
           nix develop .#ci --command bash -c $'
diff --git a/flake.lock b/flake.lock
index f0bbeaf..e9cc766 100644
--- a/flake.lock
+++ b/flake.lock
@@ -39,11 +39,11 @@
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1726018991,
-        "narHash": "sha256-/CuJ75h6NW0UR0Nv/4XCCYhNsVTDn2ezCepRN26eMbM=",
+        "lastModified": 1728611672,
+        "narHash": "sha256-jqM6akOBRR+eSYNO/zQ8Iz/NpIHnn/0ZXmHE05kNu1c=",
         "owner": "MatrixAI",
         "repo": "nixpkgs-matrix",
-        "rev": "e0cff071d16c8b601558d4a597e9d5d39a0db7af",
+        "rev": "c696ada734a21ee0821e86176b00f6b0b03f3d74",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index c6df781..512efb6 100644
--- a/flake.nix
+++ b/flake.nix
@@ -19,7 +19,7 @@
             shellHook = ''
               echo "Entering $(npm pkg get name)"
               set -o allexport
-              . ./.env
+              . <(pk secrets env Polykey-Docs:.)
               set +o allexport
               set -v
               ${lib.optionalString ci ''
diff --git a/scripts/certs_cleanup.sh b/scripts/certs_cleanup.sh
index 5fc01cb..47c1911 100755
--- a/scripts/certs_cleanup.sh
+++ b/scripts/certs_cleanup.sh
@@ -2,14 +2,12 @@
 
 response=$(curl -X GET "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/ssl/certificate_packs" \
                 -H "Content-Type: application/json" \
-                -H "X-Auth-Key: $AUTH_KEY" \
-                -H "X-Auth-Email: $AUTH_EMAIL")
+                -H "Authorization: Bearer $POLYKEY_DOCS_CLOUDFLARE_CLEANUP_TOKEN")
 
 cert_ids=$(echo "$response" | jq -r --arg domain "$DOMAIN" '.result[] | select(.hosts[] | contains($domain)) | .id')
 
 echo "$cert_ids" | while read -r cert_id; do
      curl -X DELETE --url "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/ssl/certificate_packs/$cert_id" \
           -H "Content-Type: application/json" \
-          -H "X-Auth-Key: $AUTH_KEY" \
-          -H "X-Auth-Email: $AUTH_EMAIL"
+          -H "Authorization: Bearer $POLYKEY_DOCS_CLOUDFLARE_CLEANUP_TOKEN"
 done