Well, if you plan on having this per-user, I see no other way then to store a separate DEK for each user. You can then use a variety of ways to encrypt this DEK.

One idea would be to use the password to derive the key for decrypting the DEK. Of course this has to be derived in a different way than the hash of the password stored in the DB, for example by prepending "key-" in front of the password.

Another option is to user something like SCRAM-256 and then use for example Client-Key to encrypt the DEK (client key is not stored on the server in SCRAM).

Another option of course would be just keeping an additional key stored on the user computer, but this has the disadvantage of the user having to protect and backup this file.

Well, if you plan on having this per-user, I see no other way then to store a separate DEK for each user. You can then use a variety of ways to encrypt this DEK.

One idea would be to use the password to derive the key for decrypting the DEK. Of course this has to be derived in a different way than the hash of the password stored in the DB, for example by prepending "key-" in front of the password.

Another option is to user something like SCRAM-256 and then use for example Client-Key to encrypt the DEK (client key is not stored on the server in SCRAM).

Another option of course would be just keeping an additional key stored on the user computer, but this has the disadvantage of the user having to protect and backup this file.