diff --git a/paperless/init.sls b/paperless/init.sls
index ee34835..3e4f85c 100644
--- a/paperless/init.sls
+++ b/paperless/init.sls
@@ -1,7 +1,24 @@
 # Attempt to fix json with pillar variables in variable
 {% set client_secret = salt['pillar.get']('paperless:webserver:keycloak:client_secret', '<CLIENT_SECRET>') %}
 {% set oauth_server = salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https://<KEYCLOAK_SERVER>/realms/<REALM>/.well-known/openid-configuration') %}
-{% set PAPERLESS_SOCIALACCOUNT_PROVIDERS_ = {'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': client_secret, 'settings':{'server_url': oauth_server}}]}}|tojson%}
+
+{% set PAPERLESS_SOCIALACCOUNT_PROVIDERS =
+  {
+    'openid_connect': {
+        'APPS': [
+            {
+              'provider_id': 'keycloak',
+              'name': 'Keycloak',
+              'client_id': 'paperless',
+              'secret': client_secret,
+              'settings': {
+                'server_url': oauth_server
+              }
+            }
+        ]
+    }
+  } 
+%}
 
 broker-data-directory-exists:
   file.directory:
@@ -105,6 +122,28 @@ tika-docker-container-running:
     - networks:
       - paperless-network
 
+# Attempt to fix json with pillar variables in variable
+{% set client_secret = salt['pillar.get']('paperless:webserver:keycloak:client_secret', '<CLIENT_SECRET>') %}
+{% set oauth_server = salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https://<KEYCLOAK_SERVER>/realms/<REALM>/.well-known/openid-configuration') %}
+
+{% set PAPERLESS_SOCIALACCOUNT_PROVIDERS_ =
+  {
+    'openid_connect': {
+        'APPS': [
+            {
+              'provider_id': 'keycloak',
+              'name': 'Keycloak',
+              'client_id': 'paperless',
+              'secret': client_secret,
+              'settings': {
+                'server_url': oauth_server
+              }
+            }
+        ]
+    }
+  }
+%}
+
 paperless-docker-container-running:
   docker_container.running:
     # The Docker setup does not use the configuration file.
@@ -122,7 +161,7 @@ paperless-docker-container-running:
       - PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_gotenberg_endpoint', 'http://gotenberg:3000') }}
 
       - PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect
-      - PAPERLESS_SOCIALACCOUNT_PROVIDERS={{ PAPERLESS_SOCIALACCOUNT_PROVIDERS_ }}
+      - PAPERLESS_SOCIALACCOUNT_PROVIDERS="{{ PAPERLESS_SOCIALACCOUNT_PROVIDERS_ }}"
       - PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }}
       - PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }}