From abfe56a901840db7b6b8261564b76fb098edc409 Mon Sep 17 00:00:00 2001
From: Michael Hofer <karras@0x539.ch>
Date: Sat, 25 Nov 2023 19:35:34 +0100
Subject: [PATCH] docs(traefik): add note regarding dns challenge provider
 token injection

---
 roles/traefik/README.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/roles/traefik/README.md b/roles/traefik/README.md
index 013e8cb..8a4bb7d 100644
--- a/roles/traefik/README.md
+++ b/roles/traefik/README.md
@@ -2,6 +2,15 @@
 
 Manages and deploys Traefik.
 
+**Note:** When configuring Let's Encrypt based on the DNS challenge, it's
+recommended to store the appropriate access token for the DNS provider in a
+separate file. The file path (e.g. `/etc/traefik/token`) can then be injected
+via the systemd service file for Traefik (see the role variables). This way the
+token is not exposed directly in any environment variables. See also [Traefik -
+DNS Challenge Providers](https://doc.traefik.io/traefik/https/acme/#providers).
+
+# Example: 
+
 ## Example Playbook
 
 As this role is tested via Molecule one can use [that