Bamboo Data Center / BAM-22064

Bamboo reports "Can't decrypt data. It's possible data was encrypted by different cipher" when using an empty AWS Secret Access Key on the Amazon S3 Artifact handler


Details

    • Bug
    • Resolution: Duplicate
    • Medium
    • None
    • 8.2.6
    • Artifacts, AWS, S3 storage
    • None

    Description

      Problem

      If the Bamboo Amazon S3 artifact handler configuration was disabled and saved with an empty Secret Access Key, Bamboo will log entries such as:

      2023-01-06 18:08:35,348 INFO [https-jsse-nio-45825-exec-2 url: /build/admin/triggerManualBuild.action; user: username] [SecretEncryptionServiceImpl] Can't decrypt data. It's possible data was encrypted by different cipher. Run Bamboo with system property -Dbamboo.security.decryption.ignore.errors=true to ignore this error
      2023-01-06 18:08:35,348 ERROR [https-jsse-nio-45825-exec-2 url: /build/admin/triggerManualBuild.action; user: username] [BambooPluginUtils] class com.atlassian.bamboo.build.artifact.S3ArtifactHandlerConfigurator has failed to decorate configuration for runtime
      java.lang.IllegalArgumentException: Unknown encrypted data format: []
      	at com.atlassian.bamboo.crypto.instance.SecretEncryptionServiceInternalImpl$ArmoredString.from(SecretEncryptionServiceInternalImpl.java:67)
      	at com.atlassian.bamboo.crypto.instance.SecretEncryptionServiceInternalImpl.decrypt(SecretEncryptionServiceInternalImpl.java:101)
      	at jdk.internal.reflect.GeneratedMethodAccessor307.invoke(Unknown Source)
      	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
      ...
      

      Hence, for every build, the error and Java stack trace are printed to the logs, causing massive noise and making it very hard to pick out legitimate messages.

      Environment

      Bamboo 8.2, 9.0, 9.1

      Steps to Reproduce

      1. Configure a valid Amazon S3 Artifact Handler, and make sure to use a manual Access Key and Secret access key (do not reuse the one used by Elastic Agents)
      2. On the Artifact Handlers configuration, enable both Amazon S3 Shared and Non-Shared artifacts - I have not tested with only one artifact type, but it will probably be reproducible as well
      3. Have a Plan that would publish an artifact to S3 (run it at least once)
      4. Disable the Amazon S3 Shared and Non-Shared artifacts on the Artifact Handlers configuration and SAVE
      5. Click on "Change secret access key" and click on SAVE again (do not add a Secret access key) - it should remain empty
      6. Run the Plan again
      7. Observe the logs

      Expected Results

      Bamboo should run the Plan and not report any errors or attempts to decrypt data - Why is it even accessing S3 artifact handler information if it is disabled?

      Actual Results

      Bamboo tries to decrypt an empty string from the DB bandana.serialized_data#custom.artifactHandlers.comAtlassianBambooPluginArtifactHandlerRemote:S3ArtifactHandler:accessKeyId

        <entry>    
          <string>custom.artifactHandlers.comAtlassianBambooPluginArtifactHandlerRemote:S3ArtifactHandler:accessKeyId</string>
          <string/>
        </entry>
      

      Workaround

      1. Add a valid Secret access key to the Amazon S3 artifact handler, but keep it disabled
      2. Review the Plans' configuration (under the "Other" tab) and check that "Use custom artifact handler settings" >> "Amazon S3" is not enabled as well (to prevent users from using it)
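
An added example, not part of the original report and not Atlassian's code: a Python check that scans exported bandana serialized_data XML for artifact-handler entries stored as an empty string, like the accessKeyId entry shown under Actual Results. The `<map>` wrapper, the function name and every sample key other than accessKeyId are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Key prefix taken from the entry quoted in the report.
HANDLER_PREFIX = "custom.artifactHandlers."

# Constructed sample. Only the accessKeyId entry comes from the report; the
# <map> wrapper, the other keys and all values are assumptions.
SAMPLE = """<map>
  <entry>
    <string>custom.artifactHandlers.comAtlassianBambooPluginArtifactHandlerRemote:S3ArtifactHandler:accessKeyId</string>
    <string/>
  </entry>
  <entry>
    <string>custom.artifactHandlers.comAtlassianBambooPluginArtifactHandlerRemote:S3ArtifactHandler:exampleField</string>
    <string>CONSTRUCTED-PLACEHOLDER-VALUE</string>
  </entry>
  <entry>
    <string>custom.artifactHandlers.comAtlassianBambooPluginArtifactHandlerRemote:S3ArtifactHandler:exampleFlag</string>
    <boolean>false</boolean>
  </entry>
  <entry>
    <string>custom.other.exampleSetting</string>
    <string/>
  </entry>
</map>"""


def empty_handler_values(serialized_xml, prefix=HANDLER_PREFIX):
    """Return artifact-handler keys whose stored <string> value is empty or blank.

    Not every empty string is an encrypted field; the result is a review list
    of values that would hit the "Unknown encrypted data format: []" path if
    Bamboo tried to decrypt them.
    """
    root = ET.fromstring(serialized_xml)
    hits = []
    for entry in root.iter("entry"):
        children = list(entry)
        if len(children) != 2:
            continue  # not a key/value pair, skip rather than guess
        key_el, value_el = children
        key = (key_el.text or "").strip()
        if not key.startswith(prefix):
            continue  # outside the artifact handler configuration
        if value_el.tag == "string" and not (value_el.text or "").strip():
            hits.append(key)
    return hits


if __name__ == "__main__":
    for key in empty_handler_values(SAMPLE):
        print("empty value:", key)
```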

            People

              Unassigned
              Eduardo Alvarenga