diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 42586b4..64f4040 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -66,7 +66,8 @@ jobs:
 env:
 TF_VAR_cloudflare_account_id: ${{ secrets.CF_ACCOUNT_ID }}
 TF_VAR_cloudflare_api_token: ${{ secrets.CF_API_TOKEN }}
- TF_VAR_cloudflare_zone_name: ${{ secrets.CF_ZONE_NAME }}
+ TF_VAR_cloudflare_zone_id: ${{ secrets.CF_ZONE_ID }}
+ TF_VAR_cloudflare_deploy_domain: ${{ secrets.CF_DEPLOY_DOMAIN }}
 TF_VAR_gh_username: ${{ github.actor }}
 TF_VAR_d1_id: ${{ env.d1_id }}
 TF_VAR_access_auth_domain: ${{ env.auth_domain }}
diff --git a/tf/main.tf b/tf/main.tf
index 6e87e8b..5736167 100644
--- a/tf/main.tf
+++ b/tf/main.tf
@@ -2,7 +2,11 @@ variable "cloudflare_account_id" {
 type = string
 }
-variable "cloudflare_zone_name" {
+variable "cloudflare_zone_id" {
+ type = string
+}
+
+variable "cloudflare_deploy_domain" {
 type = string
 }
@@ -40,12 +44,6 @@ provider "cloudflare" {
 api_token = var.cloudflare_api_token
 }
-data "cloudflare_zone" "zone" {
- account_id = var.cloudflare_account_id
- name = var.cloudflare_zone_name
-}
-
-
 resource "cloudflare_workers_kv_namespace" "wildebeest_cache" {
 account_id = var.cloudflare_account_id
 title = "wildebeest-${var.gh_username}-cache"
@@ -70,7 +68,7 @@ resource "cloudflare_pages_project" "wildebeest_pages_project" {
 USER_KEY = random_password.user_key.result
- DOMAIN = var.cloudflare_zone_name
+ DOMAIN = var.cloudflare_deploy_domain
 ACCESS_AUD = cloudflare_access_application.wildebeest_access.aud
 ACCESS_AUTH_DOMAIN = var.access_auth_domain
 }
@@ -85,8 +83,8 @@ resource "cloudflare_pages_project" "wildebeest_pages_project" {
 }
 resource "cloudflare_record" "record" {
- zone_id = data.cloudflare_zone.zone.id
- name = "@"
+ zone_id = var.cloudflare_zone_id
+ name = var.cloudflare_deploy_domain
 value = cloudflare_pages_project.wildebeest_pages_project.subdomain
 type = "CNAME"
 ttl = 1
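Review bot: The two added env entries read `secrets.CF_ZONE_ID` and `secrets.CF_DEPLOY_DOMAIN`, and GitHub Actions expands a secret that is not configured to an empty string, so a repository that still has only `CF_ZONE_NAME` set would hand Terraform empty values instead of failing early. The matching declarations in the first tf/main.tf hunk are plain `type = string` with no validation, so an empty domain would flow into the Pages `DOMAIN` variable and into the Access application domain as `/oauth/authorize`. I would add a `validation` block to both variables, for example `condition = length(var.cloudflare_deploy_domain) > 0`, so the run fails at plan time rather than part-way through apply. The enclosing workflow step starts outside this hunk.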
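Review bot: `zone_id` and `name` in `cloudflare_record.record` now come from two independent inputs, and nothing in the new code ties `var.cloudflare_deploy_domain` to the zone identified by `var.cloudflare_zone_id`; the removed lookup together with `name = "@"` made the record the zone apex by construction. A mismatch would presumably only surface as an API error during apply, after other resources may already exist. I would at least document the requirement above the resource: `# cloudflare_deploy_domain must be a hostname inside the zone given by cloudflare_zone_id`. The resource body continues past the end of this hunk.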
@@ -96,7 +94,7 @@ resource "cloudflare_record" "record" {
 resource "cloudflare_pages_domain" "domain" {
 account_id = var.cloudflare_account_id
 project_name = "wildebeest-${var.gh_username}"
- domain = var.cloudflare_zone_name
+ domain = var.cloudflare_deploy_domain
 depends_on = [
 cloudflare_pages_project.wildebeest_pages_project,
@@ -107,7 +105,7 @@ resource "cloudflare_pages_domain" "domain" {
 resource "cloudflare_access_application" "wildebeest_access" {
 account_id = var.cloudflare_account_id
 name = "wildebeest-${var.gh_username}"
- domain = "${var.cloudflare_zone_name}/oauth/authorize"
+ domain = "${var.cloudflare_deploy_domain}/oauth/authorize"
 type = "self_hosted"
 session_duration = "168h"
 auto_redirect_to_identity = false
@@ -115,12 +113,12 @@ resource "cloudflare_access_application" "wildebeest_access" {
 resource "cloudflare_access_policy" "policy" {
 application_id = cloudflare_access_application.wildebeest_access.id
- zone_id = data.cloudflare_zone.zone.id
+ account_id = var.cloudflare_account_id
 name = "policy"
 precedence = "1"
 decision = "allow"
 include {
- email = ["test@example.com"]
+ email = ["CHANGEME@example.com"]
 }
 }
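Review bot: The allow policy in `cloudflare_access_policy.policy` still hard-codes its only `include` address, now `"CHANGEME@example.com"`, so the identity allowed through Access is set by editing a tracked file rather than by deployment configuration. A deployer who misses the placeholder gets a policy that admits no account they control, and nothing in the plan flags it. Taking the list from a variable with no default makes the choice explicit and fails the plan when it is absent: `email = var.access_allowed_emails`, with a `variable` of `type = list(string)` declared next to the others and a matching `TF_VAR_` entry in the workflow (the variable name is only a suggestion).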