I have had to think about the same issue. The best idea I got was to use a Docker image. The database can be created and maintained external to the Docker VM.
The database or the Docker file? Depends on the software, but locking down the database system is probably easy. I'll bet that is all you need. Locking down Docker is harder and makes less sense to me.
My application uses a secure HTTPS connection and does the decryption on its own. What this means is that the executable is useless to anybody else but that one enterprise customer.
I suppose it depends on the application. Mine is in a compiled language. Hard to reverse engineer. If yours is in an interpreted language like Python, there might be a source code obfuscator that you can apply.
Do not underestimate the value of your expertise. Even if they had the source code, the chances of a paying customer becoming a competitor is low. Again, I suppose it depends on the application.
is it possible to encrypt/secure it somehow from being pried open?