diff --git a/rhodecode/lib/encrypt.py b/rhodecode/lib/encrypt.py
--- a/rhodecode/lib/encrypt.py
+++ b/rhodecode/lib/encrypt.py
@@ -43,6 +43,7 @@ class InvalidDecryptedValue(str):
 content = f'<{cls.__name__}({content[:16]}...)>'
 return str.__new__(cls, content)
+
 KEY_FORMAT = b'enc$aes_hmac${1}'
diff --git a/rhodecode/lib/encrypt2.py b/rhodecode/lib/encrypt2.py
--- a/rhodecode/lib/encrypt2.py
+++ b/rhodecode/lib/encrypt2.py
@@ -29,12 +29,16 @@ class Encryptor(object):
 @classmethod
 def detect_enc_algo(cls, enc_data: bytes):
 parts = enc_data.split(b'$', 3)
- if len(parts) != 3:
- raise ValueError(f'Encrypted Data has invalid format, expected {cls.key_format}, got {parts}')
 if b'enc$aes_hmac$' in enc_data:
+ # we expect this data is encrypted, so validate the header
+ if len(parts) != 3:
+ raise ValueError(f'Encrypted Data has invalid format, expected {cls.key_format}, got `{parts}`')
 return 'aes'
 elif b'enc2$salt' in enc_data:
+ # we expect this data is encrypted, so validate the header
+ if len(parts) != 3:
+ raise ValueError(f'Encrypted Data has invalid format, expected {cls.key_format}, got `{parts}`')
 return 'fernet'
 return None
@@ -65,7 +69,7 @@ class Encryptor(object):
 def _get_parts(self, enc_data):
 parts = enc_data.split(b'$', 3)
 if len(parts) != 3:
- raise ValueError(f'Encrypted Data has invalid format, expected {self.key_format}, got {parts}')
+ raise ValueError(f'Encrypted Data has invalid format, expected {self.key_format}, got `{parts}`')
 prefix, salt, enc_data = parts
 try:
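Review bot: The marker tests in `detect_enc_algo` are substring checks (`b'enc$aes_hmac$' in enc_data`, `b'enc2$salt' in enc_data`), and with this change they alone decide whether the header is validated at all, so they should be anchored to the start of the value: `if enc_data.startswith(b'enc$aes_hmac$'):` and `elif enc_data.startswith(b'enc2$salt'):`. This assumes stored values always begin with the marker, as `KEY_FORMAT` in encrypt.py suggests. As written, a value that merely contains a marker somewhere in its body is classified as encrypted, while any value without one now returns `None` instead of raising. The callers are outside this diff; if they treat `None` as "use the value as plaintext", a truncated or altered header is accepted silently. The method would benefit from a docstring stating that `None` means "not recognised as encrypted" and that callers must decide whether that is acceptable for the field in question.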
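Review bot: The `ValueError` raised in `_get_parts` interpolates the whole `parts` list into its message, so whatever reached the function (salt and ciphertext, or the raw value if it was never encrypted) ends up in tracebacks and logs. The same f-string is added twice in `detect_enc_algo` in the previous hunk. Reporting the shape rather than the content keeps the diagnostic useful without copying the data, e.g. `raise ValueError(f'Encrypted Data has invalid format, expected {self.key_format}, got {len(parts)} part(s)')`. `InvalidDecryptedValue` in encrypt.py already truncates its content to 16 characters for a similar reason. The body of `_get_parts` continues past the end of this hunk.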