diff --git a/node/modules/core.go b/node/modules/core.go
index 23adc23bc..0a4a97f40 100644
--- a/node/modules/core.go
+++ b/node/modules/core.go
@@ -3,10 +3,12 @@ package modules
 import (
 	"context"
 	"crypto/rand"
-	"github.com/filecoin-project/lotus/api/apistruct"
+	"errors"
 	"io"
 	"io/ioutil"
 
+	"github.com/filecoin-project/lotus/api/apistruct"
+
 	"github.com/filecoin-project/lotus/build"
 	"github.com/filecoin-project/lotus/chain/types"
 	"github.com/filecoin-project/lotus/lib/addrutil"
@@ -38,7 +40,8 @@ type jwtPayload struct {
 
 func APISecret(keystore types.KeyStore, lr repo.LockedRepo) (*dtypes.APIAlg, error) {
 	key, err := keystore.Get(JWTSecretName)
-	if err != nil {
+
+	if errors.Is(err, types.ErrKeyInfoNotFound) {
 		log.Warn("Generating new API secret")
 
 		sk, err := ioutil.ReadAll(io.LimitReader(rand.Reader, 32))
@@ -68,6 +71,8 @@ func APISecret(keystore types.KeyStore, lr repo.LockedRepo) (*dtypes.APIAlg, err
 		if err := lr.SetAPIToken(cliToken); err != nil {
 			return nil, err
 		}
+	} else if err != nil {
+		return nil, xerrors.Errorf("could not get JWT Token: %w", err)
 	}
 
 	return (*dtypes.APIAlg)(jwt.NewHS256(key.PrivateKey)), nil
diff --git a/node/repo/fsrepo.go b/node/repo/fsrepo.go
index b0d9de1ec..ceab72f0a 100644
--- a/node/repo/fsrepo.go
+++ b/node/repo/fsrepo.go
@@ -346,7 +346,7 @@ func (fsr *fsLockedRepo) Get(name string) (types.KeyInfo, error) {
 	}
 
 	if fstat.Mode()&0077 != 0 {
-		return types.KeyInfo{}, xerrors.Errorf(kstrPermissionMsg, name, err)
+		return types.KeyInfo{}, xerrors.Errorf(kstrPermissionMsg, name, fstat.Mode())
 	}
 
 	file, err := os.Open(keyPath)