diff --git a/awx/main/models/organization.py b/awx/main/models/organization.py
index ce345fef8f..e5b441cf70 100644
--- a/awx/main/models/organization.py
+++ b/awx/main/models/organization.py
@@ -350,7 +350,7 @@ class Credential(CommonModelNameNotUnique):
             # if hit hasn't been specified, then we're just doing a normal save.
             for field in self.PASSWORD_FIELDS:
                 ask = bool(self.kind == 'ssh' and field != 'ssh_key_data')
-                encrypted = encrypt_field(self, field, ask.encode('utf-8'))
+                encrypted = encrypt_field(self, field, ask)
                 setattr(self, field, encrypted)
                 if field not in update_fields:
                     update_fields.append(field)
diff --git a/awx/main/utils.py b/awx/main/utils.py
index fc5005ff12..2c841a5d3c 100644
--- a/awx/main/utils.py
+++ b/awx/main/utils.py
@@ -104,6 +104,7 @@ def encrypt_field(instance, field_name, ask=False):
     value = getattr(instance, field_name)
     if not value or value.startswith('$encrypted$') or (ask and value == 'ASK'):
         return value
+    value = value.encode('utf-8')
     key = get_encryption_key(instance, field_name)
     cipher = AES.new(key, AES.MODE_ECB)
     while len(value) % cipher.block_size != 0: