diff --git a/apiserver/security/user.py b/apiserver/security/user.py
index 2225d209add100ea11b80196fb401c5926cacade..5df8957bc0bccae2041e57024ff94de1e610de31 100644
--- a/apiserver/security/user.py
+++ b/apiserver/security/user.py
@@ -34,12 +34,16 @@ class Token(BaseModel):
 class User(BaseModel):
     username: str
     email: str = None
-    has_secrets_access: Optional[bool] = False
+    has_secrets_access: bool = False
 
 
 class UserInDB(User):
     hashed_password: str = None
 
+class Secret(BaseModel):
+    key: str = None
+    secret: str = None
+
 
 class AbstractDBInterface(metaclass=abc.ABCMeta):
     @abc.abstractclassmethod
diff --git a/apiserver/storage/JsonFileStorageAdapter.py b/apiserver/storage/JsonFileStorageAdapter.py
index 94e1ccd690a9ba442b4625d9187da44764c4b70c..5ce07a35e88ce8a59720a9f8b0814874b3fc9e59 100644
--- a/apiserver/storage/JsonFileStorageAdapter.py
+++ b/apiserver/storage/JsonFileStorageAdapter.py
@@ -66,7 +66,7 @@ class JsonFileStorageAdapter(AbstractLocationDataStorageAdapter):
 
     def __get_object_path(self, value: str, oid: str) -> str:
         localpath = os.path.join(self.data_dir, value)
-        full_path = os.path.join(localpath, oid)
+        full_path = os.path.join(localpath, str(oid))
         common = os.path.commonprefix((os.path.realpath(full_path),os.path.realpath(self.data_dir)))
         if common != os.path.realpath(self.data_dir):
             log.error(f"Escaping the data dir! {common} {full_path}")
@@ -85,7 +85,7 @@ class JsonFileStorageAdapter(AbstractLocationDataStorageAdapter):
         if not os.path.isfile(path):
             return {}
         with open(path, "r") as file:
-            dict = eval(file.read())
+            dict = json.load(file)
         return dict
 
     def __store_secrets(self, path: str, secrets: Dict[str, str]):
@@ -139,7 +139,7 @@ class JsonFileStorageAdapter(AbstractLocationDataStorageAdapter):
         """ list all available secrets for this object"""
         secrets_path = self.__get_secrets_path(value=n_type.value, oid=oid)
         secrets = self.__load_secrets(secrets_path)
-        return secrets.keys()
+        return list(secrets.keys())
 
     def add_update_secret(self, n_type: LocationDataType, oid:str, key: str, value: str, usr: str):
         """ add new secrets to an existing object"""