diff --git a/cmd/zrok/enable.go b/cmd/zrok/enable.go
index 78a18e93..9d69a03a 100644
--- a/cmd/zrok/enable.go
+++ b/cmd/zrok/enable.go
@@ -63,7 +63,7 @@ func (cmd *enableCommand) run(_ *cobra.Command, args []string) {
 	if err := zrokdir.SaveEnvironment(&zrokdir.Environment{ZrokToken: token, ZitiIdentityId: resp.Payload.Identity}); err != nil {
 		panic(err)
 	}
-	if err := zrokdir.WriteIdentityConfig(resp.Payload.Cfg); err != nil {
+	if err := zrokdir.WriteZitiIdentity("environment", resp.Payload.Cfg); err != nil {
 		panic(err)
 	}
 	logrus.Infof("enabled, identity = '%v'", resp.Payload.Identity)
diff --git a/cmd/zrok/httpbind.go b/cmd/zrok/httpbind.go
index 0aa687ad..882429c3 100644
--- a/cmd/zrok/httpbind.go
+++ b/cmd/zrok/httpbind.go
@@ -55,18 +55,18 @@ func (self *httpBindCommand) run(_ *cobra.Command, args []string) {
 		tb.SetInputMode(tb.InputEsc)
 	}
 
-	idCfg, err := zrokdir.IdentityConfigFile()
+	env, err := zrokdir.LoadEnvironment()
+	if err != nil {
+		panic(err)
+	}
+	zif, err := zrokdir.ZitiIdentityFile("environment")
 	if err != nil {
 		panic(err)
 	}
 	cfg := &bind.Config{
-		IdentityPath:    idCfg,
+		IdentityPath:    zif,
 		EndpointAddress: args[0],
 	}
-	env, err := zrokdir.LoadEnvironment()
-	if err != nil {
-		panic(err)
-	}
 
 	zrok := newZrokClient()
 	auth := httptransport.APIKeyAuth("X-TOKEN", "header", env.ZrokToken)
diff --git a/zrokdir/zrokdir.go b/zrokdir/zrokdir.go
index bd8ffb3b..2cf9b1c3 100644
--- a/zrokdir/zrokdir.go
+++ b/zrokdir/zrokdir.go
@@ -2,8 +2,8 @@ package zrokdir
 
 import (
 	"encoding/json"
+	"fmt"
 	"github.com/pkg/errors"
-	"github.com/sirupsen/logrus"
 	"os"
 	"path/filepath"
 )
@@ -30,7 +30,6 @@ func LoadEnvironment() (*Environment, error) {
 }
 
 func SaveEnvironment(env *Environment) error {
-	logrus.Infof("saving environment")
 	data, err := json.MarshalIndent(env, "", "  ")
 	if err != nil {
 		return errors.Wrap(err, "error marshaling environment")
@@ -39,29 +38,35 @@ func SaveEnvironment(env *Environment) error {
 	if err != nil {
 		return errors.Wrap(err, "error getting environment file")
 	}
+	if err := os.MkdirAll(filepath.Dir(ef), os.FileMode(0700)); err != nil {
+		return errors.Wrapf(err, "error creating zrokdir path '%v'", filepath.Dir(ef))
+	}
 	if err := os.WriteFile(ef, data, os.FileMode(0600)); err != nil {
 		return errors.Wrap(err, "error saving environment file")
 	}
 	return nil
 }
 
-func WriteIdentityConfig(data string) error {
-	path, err := IdentityConfigFile()
+func WriteZitiIdentity(name, data string) error {
+	zif, err := ZitiIdentityFile(name)
 	if err != nil {
 		return err
 	}
-	if err := os.WriteFile(path, []byte(data), os.FileMode(400)); err != nil {
-		return err
+	if err := os.MkdirAll(filepath.Dir(zif), os.FileMode(0700)); err != nil {
+		return errors.Wrapf(err, "error creating zrokdir path '%v'", filepath.Dir(zif))
+	}
+	if err := os.WriteFile(zif, []byte(data), os.FileMode(0600)); err != nil {
+		return errors.Wrapf(err, "error writing ziti identity file '%v'", zif)
 	}
 	return nil
 }
 
-func IdentityConfigFile() (string, error) {
-	zrok, err := zrokDir()
+func ZitiIdentityFile(name string) (string, error) {
+	zrd, err := zrokDir()
 	if err != nil {
 		return "", err
 	}
-	return filepath.Join(zrok, "identity.json"), nil
+	return filepath.Join(zrd, "identities", fmt.Sprintf("%v.json", name)), nil
 }
 
 func environmentFile() (string, error) {