diff --git a/.github/workflows/arrow.yml b/.github/workflows/arrow.yml
index c970a21..77208c1 100644
--- a/.github/workflows/arrow.yml
+++ b/.github/workflows/arrow.yml
@@ -5,10 +5,10 @@ env:
   DEPLOY_IDENTITY_BASE64: ${{ secrets.DEPLOY_IDENTITY_BASE64 }}
   ARROW_IDENTITY_BASE64: ${{ secrets.ARROW_IDENTITY_BASE64 }}
   CLOUDFLARE_R2_ENDPOINT: "${{ secrets.CLOUDFLARE_ACCOUNT_ID }}.r2.cloudflarestorage.com"
-  TF_VAR_cloudflare_account_id: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
-  TF_VAR_cloudflare_r2_access_key: ${{ secrets.CLOUDFLARE_R2_ACCESS_KEY }}
-  TF_VAR_cloudflare_r2_secret_key: ${{ secrets.CLOUDFLARE_R2_SECRET_KEY }}
+  AWS_ACCESS_KEY_ID: ${{ secrets.CLOUDFLARE_R2_ACCESS_KEY }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets.CLOUDFLARE_R2_SECRET_KEY }}
   TF_VAR_vultr_api_key: ${{ secrets.VULTR_API_KEY }}
+  TF_VAR_cloudflare_r2_endpoint: "${{ secrets.CLOUDFLARE_ACCOUNT_ID }}.r2.cloudflarestorage.com"
 
 on:
   workflow_dispatch:
@@ -57,9 +57,6 @@ jobs:
             result/iso/nixos.iso \
             s3://noahmasur-arrow-images/arrow.iso \
             --endpoint-url "https://${{ env.CLOUDFLARE_R2_ENDPOINT }}"
-        env:
-          AWS_ACCESS_KEY_ID: ${{ secrets.CLOUDFLARE_R2_ACCESS_KEY }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.CLOUDFLARE_R2_SECRET_KEY }}
 
       # # Copy the image to S3
       # - name: Upload Image to Cache
diff --git a/hosts/arrow/main.tf b/hosts/arrow/main.tf
index 181a61c..56148a6 100644
--- a/hosts/arrow/main.tf
+++ b/hosts/arrow/main.tf
@@ -17,20 +17,9 @@ terraform {
 #   image_file = one(fileset(path.root, "result/iso/nixos.iso"))
 # }
 
-variable "cloudflare_account_id" {
+variable "cloudflare_r2_endpoint" {
   type        = string
-  description = "ID of the Cloudflare account"
-}
-
-variable "cloudflare_r2_access_key" {
-  type        = string
-  description = "Non-sensitive access key ID for Cloudflare R2"
-}
-
-variable "cloudflare_r2_secret_key" {
-  type        = string
-  description = "Sensitive access key secret for Cloudflare R2"
-  sensitive   = true
+  description = "Domain for the Cloudflare R2 endpoint"
 }
 
 variable "vultr_api_key" {
@@ -42,15 +31,12 @@ variable "vultr_api_key" {
 provider "aws" {
   region = "us-east-1"
 
-  access_key = var.cloudflare_r2_access_key
-  secret_key = var.cloudflare_r2_secret_key
-
   skip_credentials_validation = true
   skip_region_validation      = true
   skip_requesting_account_id  = true
 
   endpoints {
-    s3 = "https://${var.cloudflare_account_id}.r2.cloudflarestorage.com"
+    s3 = "https://${var.cloudflare_r2_endpoint}"
   }
 }