diff --git a/pkg/apis/sealedsecrets/v1alpha1/sealedsecret_expansion.go b/pkg/apis/sealedsecrets/v1alpha1/sealedsecret_expansion.go
index d00d0e74f1..741c9748c5 100644
--- a/pkg/apis/sealedsecrets/v1alpha1/sealedsecret_expansion.go
+++ b/pkg/apis/sealedsecrets/v1alpha1/sealedsecret_expansion.go
@@ -277,7 +277,8 @@ func (s *SealedSecret) Unseal(codecs runtimeserializer.CodecFactory, privKeys ma
 for key, value := range s.Spec.EncryptedData {
 valueBytes, err := base64.StdEncoding.DecodeString(value)
 if err != nil {
- return nil, err
+ errs = append(errs, multierror.Tag(key, err))
+ continue
 }
 plaintext, err := crypto.HybridDecrypt(rand.Reader, privKeys, valueBytes, label)
 if err != nil {
diff --git a/pkg/apis/sealedsecrets/v1alpha1/sealedsecret_test.go b/pkg/apis/sealedsecrets/v1alpha1/sealedsecret_test.go
index 39f948dc26..dced1b9511 100644
--- a/pkg/apis/sealedsecrets/v1alpha1/sealedsecret_test.go
+++ b/pkg/apis/sealedsecrets/v1alpha1/sealedsecret_test.go
@@ -298,7 +298,7 @@ func TestSealRoundTripWithMisMatchClusterWide(t *testing.T) {
 _, err := ssecret.Unseal(codecs, keys)
 if err == nil {
- t.Fatalf("Unseal did not return expected error: %v", err)
+ t.Fatal("Expecting error: got nil instead")
 }
 }
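Review bot: The new base64 branch tags the error with only the key, and `base64.CorruptInputError` itself says nothing about what was being decoded, so the aggregated message presumably reads as the key plus "illegal base64 data at input byte N" with no hint that the value failed to decode rather than to decrypt. Wrapping with the stage would also make the message-based distinction the new test relies on explicit: `errs = append(errs, multierror.Tag(key, fmt.Errorf("decoding base64: %w", err)))`, assuming `fmt` is imported in this file and `multierror.Tag` preserves the wrapped error. Since Unseal now keeps iterating after a bad entry instead of returning on the first failure, its doc comment (outside the hunk) should state that per-entry errors are collected and tagged with the key name. Unseal begins and ends outside this hunk, so where `errs` is declared and how it is finally returned cannot be checked here.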
@@ -572,6 +572,37 @@ func TestRejectBothEncryptedDataAndDeprecatedV1Data(t *testing.T) {
 }))
 }
+func TestInvalidBase64(t *testing.T) {
+ sealedSecret := &SealedSecret{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "myname",
+ Namespace: "myns",
+ },
+ Spec: SealedSecretSpec{
+ EncryptedData: map[string]string{
+ "foo": "NOTVALIDBASE64",
+ },
+ },
+ }
+
+ scheme := runtime.NewScheme()
+ codecs := serializer.NewCodecFactory(scheme)
+ _, keys := generateTestKey(t, testRand(), 2048)
+
+ _, err := sealedSecret.Unseal(codecs, keys)
+ if err == nil {
+ t.Fatal("Expecting error: got nil instead")
+ }
+
+ if !strings.Contains(err.Error(), "foo") {
+ t.Errorf("Expecting error: %q to contain field %q", err, "foo")
+ }
+
+ if strings.Contains(err.Error(), "decrypt") {
+ t.Errorf("Expecting error: %q to not contain %q (invalid base64 should skip decryption)", err, "decrypt")
+ }
+}
+
 func sealSecret(t *testing.T, secret *v1.Secret, newSealedSecret func(serializer.CodecFactory, *rsa.PublicKey, *v1.Secret) (*SealedSecret, error)) (*SealedSecret, serializer.CodecFactory, map[string]*rsa.PrivateKey) {
 scheme := runtime.NewScheme()
 codecs := serializer.NewCodecFactory(scheme)
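Review bot: TestInvalidBase64 only covers a SealedSecret whose sole entry is undecodable, so it never exercises what the collect-and-continue change in sealedsecret_expansion.go exists for: that a remaining valid entry is still decrypted and that the returned error names only the bad key. A second case built with the existing `sealSecret` helper plus one extra `"NOTVALIDBASE64"` entry, asserting the error mentions that key and no other, would pin that behaviour. The `strings.Contains(err.Error(), "decrypt")` check is a brittle proxy for "decryption was skipped"; if `multierror.Tag` wraps with `%w`, `var cerr base64.CorruptInputError; errors.As(err, &cerr)` asserts the actual cause instead of a substring. Generating a 2048-bit RSA key through `generateTestKey` is the dominant cost of a test that never reaches decryption, though Unseal may require a non-empty key map before the loop, which is not visible here.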