Question: How do I fix the issue of decrption errors in hal-deploy-apply?

Answer: There are encryption keys stored in 3 places:

oes-sapor-config: This has an encryption key

bootstrap: This has an encryption key

.hal/default/profiles/spinnakerconfig.yml: This has an encryption key (in the gitops repo and inside halyard pod)

OES and Spinnaker use symmetrical encryption i.e. same key is used for encryption and decrytion. 

The gitops repo: Encryption is done by OES based on the key in oes-sapor-config and decryption is done by the halyard using the key in spinnakerconfig.yml. So these two need to be SAME.

The key in bootstrap is used for encrypting/decrypting values from the OES-DB, and will generally not cause an issue.

So, if you have an issue with decryption, please ensure that the key is same in oes-sapor-config and spinnakerconfig.yml, restrart sapor-pod, and save the items (jenkins, artifactory or which ever one is giving the error) once again. Worst case, delete and re-add to resolve the issue.