diff --git a/awx/conf/migrations/_reencrypt.py b/awx/conf/migrations/_reencrypt.py
index 7e3fe893b1..899d085f74 100644
--- a/awx/conf/migrations/_reencrypt.py
+++ b/awx/conf/migrations/_reencrypt.py
@@ -13,12 +13,14 @@ __all__ = ['replace_aesecb_fernet', 'get_encryption_key', 'encrypt_field',
 
 
 def replace_aesecb_fernet(apps, schema_editor):
+    from awx.main.utils.encryption import encrypt_field
     Setting = apps.get_model('conf', 'Setting')
 
     for setting in Setting.objects.filter().order_by('pk'):
         if settings_registry.is_setting_encrypted(setting.key):
             if should_decrypt_field(setting.value):
                 setting.value = decrypt_field(setting, 'value')
+                setting.value = encrypt_field(setting, 'value')
             setting.save()
 
 
diff --git a/awx/main/migrations/_credentialtypes.py b/awx/main/migrations/_credentialtypes.py
index 0f71af81fe..69a45f9fb8 100644
--- a/awx/main/migrations/_credentialtypes.py
+++ b/awx/main/migrations/_credentialtypes.py
@@ -1,6 +1,6 @@
 from awx.main import utils
 from awx.main.models import CredentialType
-from awx.conf.migrations._reencrypt import encrypt_field, decrypt_field
+from awx.main.utils.encryption import encrypt_field, decrypt_field
 from django.db.models import Q
 
 
diff --git a/awx/main/migrations/_reencrypt.py b/awx/main/migrations/_reencrypt.py
index ccce05901b..c4e502f9a2 100644
--- a/awx/main/migrations/_reencrypt.py
+++ b/awx/main/migrations/_reencrypt.py
@@ -5,6 +5,7 @@ from awx.conf.migrations._reencrypt import (
     decrypt_field,
     should_decrypt_field,
 )
+from awx.main.utils.encryption import encrypt_field
 
 from awx.main.notifications.email_backend import CustomEmailBackend
 from awx.main.notifications.slack_backend import SlackBackend
@@ -46,8 +47,8 @@ def _notification_templates(apps):
         for field in filter(lambda x: notification_class.init_parameters[x]['type'] == "password",
                             notification_class.init_parameters):
             if should_decrypt_field(nt.notification_configuration[field]):
-                value = decrypt_field(nt, 'notification_configuration', subfield=field)
-                nt.notification_configuration[field] = value
+                nt.notification_configuration[field] = decrypt_field(nt, 'notification_configuration', subfield=field)
+                nt.notification_configuration[field] = encrypt_field(nt, 'notification_configuration', subfield=field)
         nt.save()
 
 
@@ -58,6 +59,7 @@ def _credentials(apps):
             if should_decrypt_field(value):
                 value = decrypt_field(credential, field_name)
                 setattr(credential, field_name, value)
+                setattr(credential, field_name, encrypt_field(credential, field_name))
         credential.save()
 
 
@@ -67,6 +69,6 @@ def _unified_jobs(apps):
     for uj in UnifiedJob.objects.all():
         if uj.start_args is not None:
             if should_decrypt_field(uj.start_args):
-                start_args = decrypt_field(uj, 'start_args')
-                uj.start_args = start_args
+                uj.start_args = decrypt_field(uj, 'start_args')
+                uj.start_args = encrypt_field(uj, 'start_args')
                 uj.save()