diff --git a/server/models/decorators/Encrypted.ts b/server/models/decorators/Encrypted.ts
index 1b917bed9..a005c6a45 100644
--- a/server/models/decorators/Encrypted.ts
+++ b/server/models/decorators/Encrypted.ts
@@ -1,4 +1,5 @@
 import vaults from "@server/database/vaults";
+import Logger from "@server/logging/logger";
 
 const key = "sequelize:vault";
 
@@ -15,7 +16,19 @@ export default function Encrypted(target: any, propertyKey: string) {
  * Get the value of an encrypted column given the target and the property key.
  */
 export function getEncryptedColumn(target: any, propertyKey: string): string {
-  return Reflect.getMetadata(key, target, propertyKey).get.call(target);
+  try {
+    return Reflect.getMetadata(key, target, propertyKey).get.call(target);
+  } catch (err) {
+    if (err.message.includes("bad decrypt")) {
+      Logger.error(
+        `Failed to decrypt database column (${propertyKey}). The SECRET_KEY environment variable may have changed since installation.`,
+        err
+      );
+      process.exit(1);
+    }
+
+    throw err;
+  }
 }
 
 /**