diff --git a/modules/cloudflare/main.tf b/modules/cloudflare/main.tf
index fc3e7e9..937afba 100644
--- a/modules/cloudflare/main.tf
+++ b/modules/cloudflare/main.tf
@@ -52,8 +52,8 @@ resource "null_resource" "cloudflare_zone_settings_override" {
   for_each = local.apps_grouped_by_root_domain
 
   triggers = {
-    zone_id              = data.cloudflare_zone.domain[each.key].id
     cloudflare_api_token = var.cloudflare_api_token
+    zone_id              = data.cloudflare_zone.domain[each.key].id
     ssl                  = "full"
     always_use_https     = "on"
   }
@@ -100,19 +100,21 @@ resource "null_resource" "cloudflare_ruleset" {
   for_each = local.apps_grouped_by_root_domain
 
   triggers = {
-    zone_id       = data.cloudflare_zone.domain[each.key].id
-    kind          = "zone"
-    phase         = "http_config_settings"
-    ruleset_rules = jsonencode(local.ruleset_rules[each.key])
+    cloudflare_api_token = var.cloudflare_api_token
+    zone_id              = data.cloudflare_zone.domain[each.key].id
+    kind                 = "zone"
+    phase                = "http_config_settings"
+    ruleset_rules        = jsonencode(local.ruleset_rules[each.key])
   }
 
   provisioner "local-exec" {
     command = "${path.module}/cloudflare_ruleset.sh"
     environment = {
-      ZONE_ID       = self.triggers.zone_id
-      KIND          = self.triggers.kind
-      PHASE         = self.triggers.phase
-      RULESET_RULES = self.triggers.ruleset_rules
+      CLOUDFLARE_API_TOKEN = self.triggers.cloudflare_api_token
+      ZONE_ID              = self.triggers.zone_id
+      KIND                 = self.triggers.kind
+      PHASE                = self.triggers.phase
+      RULESET_RULES        = self.triggers.ruleset_rules
     }
   }
 }