diff --git a/awx/main/models/mixins.py b/awx/main/models/mixins.py
index 062a9638ee..16a21d8c2b 100644
--- a/awx/main/models/mixins.py
+++ b/awx/main/models/mixins.py
@@ -310,8 +310,8 @@ class SurveyJobMixin(models.Model):
         if self.survey_passwords:
             extra_vars = json.loads(self.extra_vars)
             for key in self.survey_passwords:
-                if key in extra_vars:
-                    value = extra_vars[key]
+                value = extra_vars.get(key)
+                if value and isinstance(value, basestring) and value.startswith('$encrypted$'):
                     extra_vars[key] = decrypt_value(get_encryption_key('value', pk=None), value)
             return json.dumps(extra_vars)
         else:
diff --git a/awx/main/tests/functional/api/test_survey_spec.py b/awx/main/tests/functional/api/test_survey_spec.py
index 81ce167656..30c8a156bb 100644
--- a/awx/main/tests/functional/api/test_survey_spec.py
+++ b/awx/main/tests/functional/api/test_survey_spec.py
@@ -134,6 +134,38 @@ def test_survey_spec_passwords_are_encrypted_on_launch(job_template_factory, pos
         assert "for 'secret_value' expected to be a string." in json.dumps(resp.data)
 
 
+@mock.patch('awx.api.views.feature_enabled', lambda feature: True)
+@pytest.mark.django_db
+def test_survey_spec_passwords_with_empty_default(job_template_factory, post, admin_user):
+    objects = job_template_factory('jt', organization='org1', project='prj',
+                                   inventory='inv', credential='cred')
+    job_template = objects.job_template
+    job_template.survey_enabled = True
+    job_template.save()
+    input_data = {
+        'description': 'A survey',
+        'spec': [{
+            'index': 0,
+            'question_name': 'What is your password?',
+            'required': False,
+            'variable': 'secret_value',
+            'type': 'password',
+            'default': ''
+        }],
+        'name': 'my survey'
+    }
+    post(url=reverse('api:job_template_survey_spec', kwargs={'pk': job_template.id}),
+         data=input_data, user=admin_user, expect=200)
+
+    resp = post(reverse('api:job_template_launch', kwargs={'pk': job_template.pk}),
+                {}, admin_user, expect=201)
+    job = Job.objects.get(pk=resp.data['id'])
+    assert json.loads(job.extra_vars)['secret_value'] == ''
+    assert json.loads(job.decrypted_extra_vars()) == {
+        'secret_value': ''
+    }
+
+
 @mock.patch('awx.api.views.feature_enabled', lambda feature: True)
 @pytest.mark.django_db
 @pytest.mark.parametrize('default, status', [