diff --git a/vpn-transit-gateway/README.md b/vpn-transit-gateway/README.md
index 7423cfa..70b8238 100644
--- a/vpn-transit-gateway/README.md
+++ b/vpn-transit-gateway/README.md
@@ -78,6 +78,8 @@ No modules.
 | [aws_vpn_connection.vpn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpn_connection) | resource |
 | [local_sensitive_file.vpn_details_json](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/sensitive_file) | resource |
 | [local_sensitive_file.vpn_details_yaml](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/sensitive_file) | resource |
+| [local_sensitive_file.vpn_site_details_json](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/sensitive_file) | resource |
+| [local_sensitive_file.vpn_site_details_yaml](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/sensitive_file) | resource |
 | [null_resource.directory_setup](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [null_resource.generate_configs](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [random_string.tunnel_preshared_key](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
diff --git a/vpn-transit-gateway/vpn-config.tf b/vpn-transit-gateway/vpn-config.tf
index 226fc97..8eeabfd 100644
--- a/vpn-transit-gateway/vpn-config.tf
+++ b/vpn-transit-gateway/vpn-config.tf
@@ -1,5 +1,6 @@
 locals {
 vpn_tunnel_outputs = { for k, v in local.vpn_settings : k => {
+ vpn_name = k
 site = v.site
 vpn_environment = v.environment
 sequence = v.sequence
@@ -14,6 +15,7 @@ locals { region = local.region region_short = local.region_short account_id = local.account_id + account_alias = data.aws_iam_account_alias.current.account_alias tunnel1_label = format("%v %v %v %v %v", aws_vpn_connection.vpn[k].tunnel1_inside_cidr, local.account_id, local.region_short, var.vpc_short_name, v.label) tunnel1_bgp_asn = aws_vpn_connection.vpn[k].tunnel1_bgp_asn @@ -39,6 +41,10 @@ locals { tunnel2_preshared_key = aws_vpn_connection.vpn[k].tunnel2_preshared_key } } + vpn_tunnel_sites = distinct([for k, v in local.vpn_tunnel_outputs : v.site]) + # use tunnel secrets if needed + # vpn_site_tunnel_outputs = { for s in local.vpn_tunnel_sites: s => flatten([ for k,v in local.vpn_tunnel_outputs: merge(v,local.vpn_tunnel_secrets[k]) if v.site=s ]) } + vpn_site_tunnel_outputs = { for s in local.vpn_tunnel_sites : s => flatten([for k, v in local.vpn_tunnel_outputs : v if v.site == s]) } } resource "null_resource" "directory_setup" { @@ -70,8 +76,8 @@ resource "null_resource" "generate_configs" { resource "local_sensitive_file" "vpn_details_json" { for_each = var.generate_json_files ? local.vpn_tunnel_outputs : {} - # content = templatefile("${path.module}/templates/vpn_details.tpl"), { - content = jsonencode(merge({ version = local._module_version, vpn_name = each.key }, each.value, local.vpn_tunnel_secrets[each.key])) + # content = jsonencode(merge({ version = local._module_version, vpn_name = each.key }, each.value, local.vpn_tunnel_secrets[each.key])) + content = jsonencode(merge({ version = local._module_version }, each.value, local.vpn_tunnel_secrets[each.key])) filename = format("%v/%v/%v.%v.%v.json", path.root, null_resource.directory_setup.triggers.name, local.account_id, local.region, each.key) file_permission = "0644" } 
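Review bot: The commented-out `vpn_site_tunnel_outputs` variant added in the `@@ -39,6 +41,10 @@` hunk reads `if v.site=s`, which is not valid HCL (equality is `==`), so whoever follows the "use tunnel secrets if needed" comment and uncomments it will hit a parse error; either correct it to `if v.site == s` or drop the dead line and describe the option in the comment. The `flatten()` wrapped around the live comprehension is also redundant, since the comprehension already yields a flat list of tunnel objects: `s => [for k, v in local.vpn_tunnel_outputs : v if v.site == s]` is equivalent and reads more plainly. If the secrets variant is ever enabled, the per-site files written from this local would carry preshared keys, so the file mode used by those resources should be decided with that in mind. The enclosing `locals` block starts before this hunk.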
@@ -79,7 +85,22 @@ resource "local_sensitive_file" "vpn_details_json" {
 resource "local_sensitive_file" "vpn_details_yaml" {
 for_each = var.generate_yaml_files ? local.vpn_tunnel_outputs : {}
 # content = templatefile("${path.module}/templates/vpn_details.tpl"), {
- content = yamlencode(merge({ version = local._module_version, vpn_name = each.key }, each.value, local.vpn_tunnel_secrets[each.key]))
+ # content = yamlencode(merge({ version = local._module_version, vpn_name = each.key }, each.value, local.vpn_tunnel_secrets[each.key]))
+ content = yamlencode(merge({ version = local._module_version }, each.value, local.vpn_tunnel_secrets[each.key]))
 filename = format("%v/%v/%v.%v.%v.yml", path.root, null_resource.directory_setup.triggers.name, local.account_id, local.region, each.key)
 file_permission = "0644"
 }
+
+resource "local_sensitive_file" "vpn_site_details_json" {
+ for_each = var.generate_json_files ? local.vpn_site_tunnel_outputs : {}
+ content = jsonencode(merge({ version = local._module_version }, each.value))
+ filename = format("%v/%v/site.%v.%v.%v.json", path.root, null_resource.directory_setup.triggers.name, local.account_id, local.region, each.key)
+ file_permission = "0644"
+}
+
+resource "local_sensitive_file" "vpn_site_details_yaml" {
+ for_each = var.generate_yaml_files ? local.vpn_site_tunnel_outputs : {}
+ content = yamlencode(merge({ version = local._module_version }, each.value))
+ filename = format("%v/%v/site.%v.%v.%v.yml", path.root, null_resource.directory_setup.triggers.name, local.account_id, local.region, each.key)
+ file_permission = "0644"
+}
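Review bot: `merge({ version = local._module_version }, each.value)` in both new `vpn_site_details_*` resources passes a list as the second argument: `each.value` is the `flatten([...])` tuple of tunnel objects built by `vpn_site_tunnel_outputs`, and `merge()` accepts only maps/objects, so this should fail at evaluation instead of producing a site file. Nest the list under a key instead, e.g. `content = jsonencode({ version = local._module_version, site = each.key, tunnels = each.value })`, and the same for the `yamlencode` twin. Separately, both new resources copy `file_permission = "0644"` from the per-tunnel resources; these are `local_sensitive_file` resources and the commented-out `vpn_site_tunnel_outputs` variant merges `local.vpn_tunnel_secrets` (the tunnel preshared keys) into exactly this content, so a world-readable mode would expose those keys the moment that variant is enabled — `file_permission = "0600"` is the safer setting for every file in this block, including the existing `vpn_details_*` ones that already embed the secrets. Note also that `each.key` here is the raw `v.site` value interpolated straight into `filename`; if site names come from user-supplied variables, a value containing `/` would place the file outside `directory_setup`'s directory, so a `validation` block on that variable is worth adding.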