diff --git a/apiserver/security/user.py b/apiserver/security/user.py
index 0643504fac084fffbc110dbcb9afea47633e02fb..2225d209add100ea11b80196fb401c5926cacade 100644
--- a/apiserver/security/user.py
+++ b/apiserver/security/user.py
@@ -34,6 +34,7 @@ class Token(BaseModel):
 class User(BaseModel):
     username: str
     email: str = None
+    has_secrets_access: Optional[bool] = False
 
 
 class UserInDB(User):
diff --git a/apiserver/storage/JsonFileStorageAdapter.py b/apiserver/storage/JsonFileStorageAdapter.py
index 45404e542f17237e302d3038024197f115a70493..02aecc35860130bc9b771872abcd224688519203 100644
--- a/apiserver/storage/JsonFileStorageAdapter.py
+++ b/apiserver/storage/JsonFileStorageAdapter.py
@@ -9,7 +9,7 @@ from pydantic import BaseModel
 from apiserver.config import ApiserverSettings
 
 from .LocationStorage import (AbstractLocationDataStorageAdapter, LocationData,
-                              LocationDataType)
+                              LocationDataType, LocationDataWithSecrets)
 
 
 log = logging.getLogger(__name__)
diff --git a/apiserver/storage/LocationStorage.py b/apiserver/storage/LocationStorage.py
index 03b4bedef3b79cb48811f5cb4b20a161a9dba28a..ebe86d540f8561b0da51bf57c40742d6222bf917 100644
--- a/apiserver/storage/LocationStorage.py
+++ b/apiserver/storage/LocationStorage.py
@@ -8,6 +8,7 @@ from pydantic import BaseModel
 class LocationDataType(Enum):
     DATASET = 'dataset'
     STORAGETARGET = 'storage_target'
+    AIRFLOW_CONNECTIONS = 'airflow_connections'
 
 
 class LocationData(BaseModel):
@@ -15,6 +16,9 @@ class LocationData(BaseModel):
     url: str
     metadata: Optional[Dict[str, str]]
 
+class LocationDataWithSecrets(LocationData):
+    secrets: Optional[Dict[str, str]]
+
 
 class AbstractLocationDataStorageAdapter:
     """
diff --git a/userdb-cli.py b/userdb-cli.py
index b17226fff71cc4372f7a7599f9c86d4516768e90..54f5958584c1fe2533ee03670d790bea2408e607 100755
--- a/userdb-cli.py
+++ b/userdb-cli.py
@@ -2,7 +2,7 @@
 import os, json, argparse, abc
 
 from pydantic import BaseModel
-from typing import List
+from typing import List, Optional
 from passlib.context import CryptContext
 
 
@@ -10,6 +10,7 @@ from passlib.context import CryptContext
 class User(BaseModel):
     username: str
     email: str = None
+    has_secrets_access: Optional[bool] = False
 
 
 class UserInDB(User):
@@ -106,7 +107,7 @@ def main(args):
                 raise ValueError("No Password or hash given!")
             hash = get_password_hash(args.password)
         
-        user = UserInDB(username=args.username, email=args.mail, hashed_password=hash)
+        user = UserInDB(username=args.username, email=args.mail, hashed_password=hash, has_secrets_access=args.secret_access)
         userdb.add(user)
         print("new User added:")
         print(user)
@@ -122,6 +123,16 @@ def main(args):
         print("Deleting the following user:")
         print(user)
         userdb.delete(args.username)
+    elif 'give_secret' in args.operation:
+        user = userdb.get(args.username)
+        user.has_secrets_access = True
+        userdb.delete(args.username)
+        userdb.add(user)
+    elif 'remove_secret' in args.operation:
+        user = userdb.get(args.username)
+        user.has_secrets_access = False
+        userdb.delete(args.username)
+        userdb.add(user)
 
 
 if __name__ == "__main__":
@@ -129,14 +140,17 @@ if __name__ == "__main__":
     parser.add_argument("operation", type=str, nargs=1, help="\
 hash \tReturn a bcrypt hash for the given password. Requires -p. \n\
 ls \tLists all Users in the userdb. \n\
-add \tAdds a new user to the userdb. Requires -u, -m and either -p or -b. \n\
+add \tAdds a new user to the userdb. Requires -u, -m and either -p or -b. -s is optional.\n\
 show \tShows a single user from the userdb. Requires -u. \n\
+give_secret \tGives the given user access to secrets. Requires -u. \n\
+remove_secret \tRemove the given users access to secrets. Requires -u. \n\
 rm \tDeletes a single user from the userdb. Requires -u. \
 ")
     parser.add_argument("-u", "--username", help="The username that should be modified")
     parser.add_argument("-m", "--mail", help="The email of a newly created user.")
     parser.add_argument("-p", "--password", help="The password of a newly created user.")
     parser.add_argument("-b", "--bcrypt-hash", help="The bcrypt password-hash of a newly created user.")
+    parser.add_argument("-s", "--secret-access", action="store_true", help="Give the new user access to secrets.")
     parser.add_argument("userdb_path", type=str, nargs='?', help="The path to the userdb to be modified or created.", default="./userdb.json")
     args = parser.parse_args()
     main(args)
\ No newline at end of file