diff --git a/awx/main/migrations/0038_v320_release.py b/awx/main/migrations/0038_v320_release.py
index ddb15aee57..585b42ce04 100644
--- a/awx/main/migrations/0038_v320_release.py
+++ b/awx/main/migrations/0038_v320_release.py
@@ -9,7 +9,6 @@ from psycopg2.extensions import AsIs
 from django.db import migrations, models
 
 # AWX
-from awx.main.migrations import _reencrypt as reencrypt
 import awx.main.fields
 from awx.main.models import Host
 
@@ -277,7 +276,6 @@ class Migration(migrations.Migration):
             name='kind',
             field=models.CharField(default=b'', help_text='Kind of inventory being represented.', max_length=32, blank=True, choices=[(b'', 'Hosts have a direct link to this inventory.'), (b'smart', 'Hosts for inventory generated using the host_filter property.')]),
         ),
-        migrations.RunPython(reencrypt.replace_aesecb_fernet),
 
         # Timeout help text update
         migrations.AlterField(
diff --git a/awx/main/migrations/_credentialtypes.py b/awx/main/migrations/_credentialtypes.py
index a0fc1aac1e..0f71af81fe 100644
--- a/awx/main/migrations/_credentialtypes.py
+++ b/awx/main/migrations/_credentialtypes.py
@@ -1,6 +1,6 @@
 from awx.main import utils
 from awx.main.models import CredentialType
-from awx.main.utils import encrypt_field, decrypt_field
+from awx.conf.migrations._reencrypt import encrypt_field, decrypt_field
 from django.db.models import Q
 
 
diff --git a/awx/main/migrations/_reencrypt.py b/awx/main/migrations/_reencrypt.py
index 29ae5867d1..ae5dc5e76d 100644
--- a/awx/main/migrations/_reencrypt.py
+++ b/awx/main/migrations/_reencrypt.py
@@ -26,12 +26,13 @@ def _credentials(apps):
     Credential = apps.get_model('main', 'Credential')
     for credential in Credential.objects.all():
         for field_name, value in credential.inputs.items():
-            if field_name in credential.credential_type.secret_fields:
+            if field_name in credential.credential_type.inputs.get('fields', []):
                 value = getattr(credential, field_name)
                 if value.startswith('$encrypted$AESCBC$'):
                     continue
-                value = decrypt_field(credential, field_name)
-                credential.inputs[field_name] = value
+                elif value.startswith('$encrypted$AES$'):
+                    value = decrypt_field(credential, field_name)
+                    credential.inputs[field_name] = value
         credential.save()