diff --git a/awx/main/models/jobs.py b/awx/main/models/jobs.py
index 6108085e72..d0729cc48b 100644
--- a/awx/main/models/jobs.py
+++ b/awx/main/models/jobs.py
@@ -37,7 +37,6 @@ from awx.main.utils import (
     ignore_inventory_computed_fields,
     parse_yaml_or_json,
 )
-from awx.main.utils.encryption import encrypt_value
 from awx.main.fields import ImplicitRoleField
 from awx.main.models.mixins import ResourceMixin, SurveyJobTemplateMixin, SurveyJobMixin, TaskManagerJobMixin
 from awx.main.models.base import PERM_INVENTORY_SCAN
@@ -386,7 +385,6 @@ class JobTemplate(UnifiedJobTemplate, JobOptions, SurveyJobTemplateMixin, Resour
         # Sort the runtime fields allowed and disallowed by job template
         ignored_fields = {}
         prompted_fields = {}
-        survey_password_variables = self.survey_password_variables()
 
         ask_for_vars_dict = self._ask_for_vars_dict()
 
@@ -412,12 +410,6 @@ class JobTemplate(UnifiedJobTemplate, JobOptions, SurveyJobTemplateMixin, Resour
                     else:
                         ignored_fields[field] = kwargs[field]
 
-        for key in prompted_fields.get('extra_vars', {}):
-            if key in survey_password_variables:
-                prompted_fields['extra_vars'][key] = encrypt_value(
-                    prompted_fields['extra_vars'][key]
-                )
-
         return prompted_fields, ignored_fields
 
     def _extra_job_type_errors(self, data):
diff --git a/awx/main/models/unified_jobs.py b/awx/main/models/unified_jobs.py
index 4e4af4c8ef..3a90825369 100644
--- a/awx/main/models/unified_jobs.py
+++ b/awx/main/models/unified_jobs.py
@@ -32,7 +32,7 @@ from awx.main.models.base import * # noqa
 from awx.main.models.schedules import Schedule
 from awx.main.models.mixins import ResourceMixin, TaskManagerUnifiedJobMixin
 from awx.main.utils import (
-    decrypt_field, _inventory_updates,
+    encrypt_value, decrypt_field, _inventory_updates,
     copy_model_by_class, copy_m2m_relationships,
     get_type_for_model, parse_yaml_or_json
 )
@@ -336,6 +336,22 @@ class UnifiedJobTemplate(PolymorphicModel, CommonModelNameNotUnique, Notificatio
         '''
         Create a new unified job based on this unified job template.
         '''
+
+        # automatically encrypt survey fields
+        if hasattr(self, 'survey_spec') and getattr(self, 'survey_enabled', False):
+            password_list = self.survey_password_variables()
+            for key in kwargs.get('extra_vars', {}):
+                if key in password_list:
+                    if kwargs['extra_vars'][key] == '$encrypted$':
+                        # If we get into this block, it means there's probably
+                        # a bug in the way we substitute default survey
+                        # passwords; the value we anticipate here is plaintext
+                        # that needs to be encrypted
+                        raise NotImplementedError('extra_var encryption failed (unexpected $encrypted$ value)')
+                    kwargs['extra_vars'][key] = encrypt_value(
+                        kwargs['extra_vars'][key]
+                    )
+
         unified_job_class = self._get_unified_job_class()
         fields = self._get_unified_job_field_names()
         unified_job = copy_model_by_class(self, unified_job_class, fields, kwargs)