diff --git a/modules/system/vpns.nix b/modules/system/vpns.nix
index ce49bc5..3b11dff 100644
--- a/modules/system/vpns.nix
+++ b/modules/system/vpns.nix
@@ -32,10 +32,6 @@ in
         '';
       };
     };
-    sops.secrets = lib.optionalAttrs cfg.openvpn_pia_mexico {
-      "pia_auth" = { owner = "root"; group = "root"; };
-      "openvpn_pia_mexico_config" = {owner = "root"; group = "root"; };
-    };
 
     # enable pia mexico w/ wireguard
     networking.wireguard.interfaces = lib.mkIf cfg.wg_pia_mexico {
@@ -56,8 +52,11 @@ in
     };
 
     # secrets only if VPN is enabled
-    sops.secrets = lib.optionalAttrs cfg.wireguard_pia_mexico {
+    sops.secrets = lib.mkIf cfg.vpns.enabled {
       "wg_pia_mexico_key" = { owner = "root"; group = "root"; };
+      "pia_auth" = { owner = "root"; group = "root"; };
+      "openvpn_pia_mexico_config" = {owner = "root"; group = "root"; };
+ 
     };
   };
 }