diff --git a/packages/node_modules/@node-red/runtime/lib/nodes/credentials.js b/packages/node_modules/@node-red/runtime/lib/nodes/credentials.js
index 30b2ccdb0..0432e01fb 100644
--- a/packages/node_modules/@node-red/runtime/lib/nodes/credentials.js
+++ b/packages/node_modules/@node-red/runtime/lib/nodes/credentials.js
@@ -239,7 +239,15 @@ var api = module.exports = {
                     throw error;
                 }
             } else {
-                credentialCache = credentials;
+                if (encryptionEnabled) {
+                    // Our config expects the credentials to be encrypted but the encrypted object is not found
+                    log.warn(log._("nodes.credentials.encryptedNotFound"))
+                    credentialCache = credentials;
+                } else {
+                    // credentialSecret is set to False
+                    log.warn(log._("nodes.credentials.unencrypted"))
+                    credentialCache = credentials;
+                }
             }
             if (clearInvalidFlag) {
                 // TODO: this delves too deep into Project structure
diff --git a/packages/node_modules/@node-red/runtime/locales/en-US/runtime.json b/packages/node_modules/@node-red/runtime/locales/en-US/runtime.json
index 815f9239c..cb2e08aab 100644
--- a/packages/node_modules/@node-red/runtime/locales/en-US/runtime.json
+++ b/packages/node_modules/@node-red/runtime/locales/en-US/runtime.json
@@ -104,7 +104,9 @@
             "error":"Error loading credentials: __message__",
             "error-saving":"Error saving credentials: __message__",
             "not-registered": "Credential type '__type__' is not registered",
-            "system-key-warning": "\n\n---------------------------------------------------------------------\nYour flow credentials file is encrypted using a system-generated key.\n\nIf the system-generated key is lost for any reason, your credentials\nfile will not be recoverable, you will have to delete it and re-enter\nyour credentials.\n\nYou should set your own key using the 'credentialSecret' option in\nyour settings file. Node-RED will then re-encrypt your credentials\nfile using your chosen key the next time you deploy a change.\n---------------------------------------------------------------------\n"
+            "system-key-warning": "\n\n---------------------------------------------------------------------\nYour flow credentials file is encrypted using a system-generated key.\n\nIf the system-generated key is lost for any reason, your credentials\nfile will not be recoverable, you will have to delete it and re-enter\nyour credentials.\n\nYou should set your own key using the 'credentialSecret' option in\nyour settings file. Node-RED will then re-encrypt your credentials\nfile using your chosen key the next time you deploy a change.\n---------------------------------------------------------------------\n",
+            "unencrypted" : "Using unencrypted credentials",
+            "encryptedNotFound" : "Encrypted credentials not found"
         },
         "flows": {
             "safe-mode": "Flows stopped in safe mode. Deploy to start.",
diff --git a/test/unit/@node-red/runtime/lib/nodes/credentials_spec.js b/test/unit/@node-red/runtime/lib/nodes/credentials_spec.js
index 6db0b867b..0668da3b6 100644
--- a/test/unit/@node-red/runtime/lib/nodes/credentials_spec.js
+++ b/test/unit/@node-red/runtime/lib/nodes/credentials_spec.js
@@ -379,7 +379,6 @@ describe('red/runtime/nodes/credentials', function() {
                 credentials.export().then(function(result) {
                     result.should.have.a.property("$");
                     settings.should.not.have.a.property("_credentialSecret");
-
                     // reset everything - but with _credentialSecret still set
                     credentials.init(runtime);
                     // load the freshly encrypted version
@@ -445,6 +444,21 @@ describe('red/runtime/nodes/credentials', function() {
             });
         });
 
+        it('handles bad credentials object - resets credentials', function(done) {
+            settings = {
+                credentialSecret: "e3a36f47f005bf2aaa51ce3fc6fcaafd79da8d03f2b1a9281f8fb0a285e6255a"
+            };
+            // {"node":{user1:"abc",password1:"123"}}
+            var cryptedFlows = {"BADKEY":"5b89d8209b5158a3c313675561b1a5b5phN1gDBe81Zv98KqS/hVDmc9EKvaKqRIvcyXYvBlFNzzzJtvN7qfw06i"};
+            credentials.init(runtime);
+            credentials.load(cryptedFlows).then(function() {
+                done();
+            }).catch(function(err) {
+                err.should.have.property('code','credentials_load_failed');
+                done();
+            });
+        });
+
         it('handles unavailable settings - leaves creds unencrypted', function(done) {
             var runtime = {
                 log: log,
diff --git a/test/unit/@node-red/runtime/lib/nodes/index_spec.js b/test/unit/@node-red/runtime/lib/nodes/index_spec.js
index d6017db45..4bd08682e 100644
--- a/test/unit/@node-red/runtime/lib/nodes/index_spec.js
+++ b/test/unit/@node-red/runtime/lib/nodes/index_spec.js
@@ -63,7 +63,7 @@ describe("red/nodes/index", function() {
     var runtime = {
         settings: settings,
         storage: storage,
-        log: {debug:function() {}, warn:function() {}},
+        log: {debug:function() {}, warn:function() {}, _: function() {}},
         events: new EventEmitter()
     };