diff --git a/apiserver/storage/EncryptedJsonFileStorageAdapter.py b/apiserver/storage/EncryptedJsonFileStorageAdapter.py
new file mode 100644
index 0000000000000000000000000000000000000000..12cfcc6c859ae13db90a5815cf7754b2b26398a0
--- /dev/null
+++ b/apiserver/storage/EncryptedJsonFileStorageAdapter.py
@@ -0,0 +1,41 @@
+from fastapi.exceptions import HTTPException
+from JsonFileStorageAdapter import JsonFileStorageAdapter, LocationDataType
+from cryptography.fernet import Fernet
+
+from apiserver.config.settings import ApiserverSettings
+
+class EncryptedJsonFileStorageAdapter(JsonFileStorageAdapter):
+
+    def encrypt(self, string: str):
+        f = Fernet(self.encryption_key)
+        return f.encrypt(string.encode())
+
+    def decrypt(self, string: str):
+        f = Fernet(self.encryption_key)
+        return f.decrypt(string.encode())
+    
+    def __init__(self, settings: ApiserverSettings, encryption_key) -> None:
+        self.encryption_key = encryption_key
+        super().__init__(settings)
+    
+    
+    def get_secret_values(self, n_type: LocationDataType, oid:str, usr: str):
+        """ get all available secrets (key + value) for this object"""
+        encrypted_dict = super().get_secret_values(n_type, oid, usr)
+        decrypted_dict = {}
+        for key in encrypted_dict:
+            decrypted_dict[key] = self.decrypt(encrypted_dict[key])
+        return decrypted_dict
+
+    def add_update_secret(self, n_type: LocationDataType, oid:str, key: str, value: str, usr: str):
+        """ add new secrets to an existing object"""
+        super().add_update_secret(n_type, oid, key, self.encrypt(value), usr)
+
+    def get_secret(self, n_type: LocationDataType, oid:str, key: str, usr: str):
+        """ return the value of the requested secret for the given object"""
+        encrypted_secret = super().get_secret(n_type, oid, key, usr)
+        return self.decrypt(encrypted_secret)
+
+    def delete_secret(self, n_type: LocationDataType, oid:str, key: str, usr: str):
+        """ delete and return the value of the requested secret for the given object"""
+        return self.decrypt(super().delete_secret(n_type, oid, key, usr))
\ No newline at end of file
diff --git a/apiserver/storage/__init__.py b/apiserver/storage/__init__.py
index 8c48a896dd34600a875076a9603eeb6f52574e5c..d14af4fbc9c5248d46f91925e463dfa793f5a9d0 100644
--- a/apiserver/storage/__init__.py
+++ b/apiserver/storage/__init__.py
@@ -1,3 +1,5 @@
 from .JsonFileStorageAdapter import JsonFileStorageAdapter, verify_oid
 
-from .LocationStorage import LocationDataType, LocationData, AbstractLocationDataStorageAdapter
\ No newline at end of file
+from .LocationStorage import LocationDataType, LocationData, AbstractLocationDataStorageAdapter
+
+from .EncryptedJsonFileStorageAdapter import EncryptedJsonFileStorageAdapter
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
index 7415b00a67633a140fb24b62002afbbec7508832..cad50dfeb3e89266b9da1f6381a710655dd859af 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -6,3 +6,4 @@ python-multipart==0.0.5
 python-jose[cryptography]==3.2.0
 passlib[bcrypt]==1.7.4
 jinja2==3.0.1
+cryptography