Feature Request
Resolution: Unresolved
2.4, 2.5
By customer request:
To ensure cryptographic keys are derived securely from secrets, the existing key derivation logic should be replaced with a dedicated key derivation function such as PBKDF2HMAC, Argon2id or scrypt, as recommended in the Python cryptography library's Fernet documentation:
https://cryptography.io/en/latest/fernet/#using-passwords-with-fernet
In addition to switching to a proper KDF, the set of inputs should be expanded to include the database table (main_credential) and column name (inputs) to fully capture the context of the encrypted value and ensure key uniqueness across use cases.
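A sketch of the requested derivation, added here as an example and not taken from the project's code: the function names, the `install_salt` parameter and the iteration count are assumptions, and the standard library's `hashlib.pbkdf2_hmac` stands in for the cryptography library's PBKDF2HMAC class so the block runs without dependencies. The table and column names are length-prefixed before they enter the salt so that two different contexts can never encode to the same bytes.

```python
import base64
import hashlib
import struct

# Assumption: iteration count picked for this example; set it from current guidance.
PBKDF2_ITERATIONS = 600_000


def encode_context(*fields: str) -> bytes:
    """Length-prefix each field so ("ab", "c") and ("a", "bc") encode differently."""
    out = b""
    for field in fields:
        raw = field.encode("utf-8")
        out += struct.pack(">I", len(raw)) + raw
    return out


def derive_fernet_key(secret: bytes, table: str, column: str,
                      install_salt: bytes,
                      iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Derive a key bound to (table, column), returned in Fernet's key format.

    install_salt is a hypothetical per-installation random value stored next to
    the data; it is not secret, but it must be stable for decryption to work.
    """
    if not secret:
        raise ValueError("secret must not be empty")
    if len(install_salt) < 16:
        raise ValueError("install_salt must be at least 16 bytes")
    # The context goes into the salt, so each table/column pair gets its own key.
    salt = install_salt + encode_context(table, column)
    raw = hashlib.pbkdf2_hmac("sha256", secret, salt, iterations, dklen=32)
    # Fernet keys are 32 bytes, url-safe base64 encoded.
    return base64.urlsafe_b64encode(raw)


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    demo_secret = b"constructed-example-secret"
    demo_salt = bytes(range(16))
    key = derive_fernet_key(demo_secret, "main_credential", "inputs", demo_salt)
    other = derive_fernet_key(demo_secret, "main_credential", "other_column", demo_salt)
    print("key for main_credential.inputs:", key.decode())
    print("differs from other column:", key != other)
```

The returned value can be passed directly to `Fernet(key)` from the cryptography library.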