diff --git a/ziti/cmd/file_mode_unix.go b/ziti/cmd/file_mode_unix.go
new file mode 100644
index 000000000..c5951a5c1
--- /dev/null
+++ b/ziti/cmd/file_mode_unix.go
@@ -0,0 +1,27 @@
+//go:build !windows
+
+package cmd
+
+import (
+ "os"
+ "syscall"
+)
+
+func getFileMode(isPrivateKey bool) os.FileMode {
+ // Default modes before umask:
+ // - Private keys: 0600 (rw-------)
+ // - Public files: 0644 (rw-r--r--)
+ mode := os.FileMode(0644)
+ if isPrivateKey {
+ mode = os.FileMode(0600)
+ }
+
+ // Get current umask
+ oldMask := syscall.Umask(0)
+ syscall.Umask(oldMask) // Restore original umask
+
+ // Apply umask to our default mode
+ mode &= ^os.FileMode(oldMask)
+
+ return mode
+}
diff --git a/ziti/cmd/file_mode_windows.go b/ziti/cmd/file_mode_windows.go
new file mode 100644
index 000000000..6e3ad42cf
--- /dev/null
+++ b/ziti/cmd/file_mode_windows.go
@@ -0,0 +1,15 @@
+//go:build windows
+
+package cmd
+
+import "os"
+
+func getFileMode(isPrivateKey bool) os.FileMode {
+ // Default modes for Windows:
+ // - Private keys: 0600 (rw-------)
+ // - Public files: 0644 (rw-r--r--)
+ if isPrivateKey {
+ return os.FileMode(0600)
+ }
+ return os.FileMode(0644)
+}
diff --git a/ziti/cmd/unwrap_identity.go b/ziti/cmd/unwrap_identity.go
index 6c78ca468..32ebe5e4d 100644
--- a/ziti/cmd/unwrap_identity.go
+++ b/ziti/cmd/unwrap_identity.go
@@ -7,9 +7,7 @@ import (
 "github.com/spf13/cobra"
 "io"
 "os"
- "runtime"
 "strings"
- "syscall"
 )
 
 type IdentityConfigFile struct {
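Review bot: The `syscall.Umask(0)` / `syscall.Umask(oldMask)` pair in the Unix `getFileMode` clears the process-wide umask for a short window on every call, so a file or directory created by any other goroutine in that window is created with no mask applied. The callers are not visible in this diff; if the result is passed to `os.OpenFile` or `os.WriteFile`, the kernel already applies the umask at creation and the function can simply return `os.FileMode(0600)` or `os.FileMode(0644)`. If the masked value is really needed (for example ahead of an `os.Chmod`), read the umask once during start-up, before other goroutines run, and reuse the cached value. Either way the function deserves a doc comment that says whether the returned mode is already masked.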
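Review bot: The comment `Private keys: 0600 (rw-------)` in the Windows `getFileMode` implies an access restriction that Go does not apply on that platform. There the os package uses only the 0200 (owner-writable) bit, to set or clear the read-only attribute, and the remaining permission bits are unused. A private key written with this mode therefore gets whatever ACL it inherits from its directory. I would say so in the comment, e.g. `// On Windows only the 0200 bit is honored; access to private keys is governed by the inherited ACL, not by this mode.`, so that nobody relies on 0600 for confidentiality here.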
@@ -95,24 +93,3 @@ func NewUnwrapIdentityFileCommand(out io.Writer, errOut io.Writer) *cobra.Comman
 
 return cmd
 }
-
-func getFileMode(isPrivateKey bool) os.FileMode {
- // Default modes before umask:
- // - Private keys: 0600 (rw-------)
- // - Public files: 0644 (rw-r--r--)
- mode := os.FileMode(0644)
- if isPrivateKey {
- mode = os.FileMode(0600)
- }
-
- if runtime.GOOS != "windows" {
- // Get current umask
- oldMask := syscall.Umask(0)
- syscall.Umask(oldMask) // Restore original umask
-
- // Apply umask to our default mode
- mode &= ^os.FileMode(oldMask)
- }
-
- return mode
-}