Fix LLM validation and dashboard health hot paths

backend/src/services/llm_provider.py

@@ -16,6 +16,8 @@ import os
 if TYPE_CHECKING:
     from ..plugins.llm_analysis.models import LLMProviderConfig
 
+MASKED_API_KEY_PLACEHOLDER = "********"
+
 # [DEF:_require_fernet_key:Function]
 # @TIER: CRITICAL
 # @PURPOSE: Load and validate the Fernet key used for secret encryption.
@@ -145,8 +147,12 @@ class LLMProviderService:
             db_provider.provider_type = config.provider_type.value
             db_provider.name = config.name
             db_provider.base_url = config.base_url
-            # Only update API key if provided (not None and not empty)
-            if config.api_key is not None and config.api_key != "":
+            # Ignore masked placeholder values; they are display-only and must not overwrite secrets.
+            if (
+                config.api_key is not None
+                and config.api_key != ""
+                and config.api_key != MASKED_API_KEY_PLACEHOLDER
+            ):
                 db_provider.api_key = self.encryption.encrypt(config.api_key)
             db_provider.default_model = config.default_model
             db_provider.is_active = config.is_active