Traefik, AKS, letsencrypt, Manage identities using AKS pod identities

Thank you for your work on Traefik.

Trying to set up TLS using the Let's Encrypt DNS challenge. The call fails with the error as shown below.

Looks like traefik is expecting a value for AZURE_CLIENT_SECRET. I set up a managed identity using aad pod identities as described here (AzureDNS - cert-manager Documentation). That document isn't expecting an AZURE_CLIENT_SECRET. So is traefik expecting a different setup with AKS? Is there an example / documentation one could look at?

FWIW, I have already defined the environment variables AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_SUBSCRIPTION_ID, AZURE_TENANT_ID, AZURE_RESOURCE_GROUP in the traefik deployments. When I run the command

az identity show -n <name> -g <resourcegroup>

it shows the clientSecretUrl which looks something like

https://control-centralus.identity.azure.net/subscriptions/<suscription_id>/resourcegroups/gp-analog-gitops-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/traefik-id/credentials?tid=&oid=&aid=

I set this to AZURE_CLIENT_SECRET. This is most probably wrong, but I don't have another value for AZURE_CLIENT_SECRET.

Any help is appreciated.