fix(proxy): fix master key rotation Prisma validation errors

[michelligabriele]

_rotate_master_key() used jsonify_object() which converts Python dicts to JSON strings. Prisma's Python client rejects strings for Json-typed fields — it requires prisma.Json() wrappers or native dicts.

This affected three code paths:

• Model table (create_many): litellm_params and model_info converted to strings, plus created_at/updated_at were None (non-nullable DateTime)
• Config table (update): param_value converted to string
• Credentials table (update): credential_values/credential_info converted to strings

Fix: replace jsonify_object() with model_dump(exclude_none=True) + prisma.Json() wrappers for all Json fields. Wrap model delete+insert in a Prisma transaction for atomicity. Add try/except around MCP server rotation to prevent non-critical failures from blocking the entire rotation.

Relevant issues

Pre-Submission checklist

• I have Added testing in the tests/litellm/ directory, Adding at least 1 test is a hard requirement - see details
• My PR passes all unit tests on make test-unit
• My PR's scope is as isolated as possible, it only solves 1 specific problem
• I have requested a Greptile review by commenting @greptileai and received a Confidence Score of at least 4/5 before requesting a maintainer review

CI (LiteLLM team)

• Branch creation CI run Link:
• CI run for the last commit Link:
• Merge / cherry-pick CI run Links:

Type

🐛 Bug Fix

Changes

litellm/proxy/management_endpoints/key_management_endpoints.py

1. Model table serialization — Replace jsonify_object(new_model.model_dump()) with new_model.model_dump(exclude_none=True) + prisma.Json() wrappers for litellm_params and model_info. This fixes two issues: exclude_none=True strips created_at: None / updated_at: None (letting Prisma @default(now()) apply), and prisma.Json() wraps dicts so create_many() accepts them for Json fields.

2. Model table atomicity — Wrap the delete + insert in async with prisma_client.db.tx() so the operation is atomic (prevents model loss on failure).

3. Config table serialization — Replace jsonify_object(encrypted_env_vars) with prisma.Json(encrypted_env_vars) for the param_value Json field.

4. Credentials table serialization — Replace jsonify_object(encrypted_cred.model_dump()) with model_dump(exclude_none=True) + prisma.Json() wrappers for credential_values and credential_info.

5. MCP rotation error handling — Wrap rotate_mcp_server_credentials_master_key() in try/except so MCP table issues (e.g., missing columns during migration) don't block the entire rotation.

tests/test_litellm/proxy/management_endpoints/test_key_management_endpoints.py

Added test_rotate_master_key_model_data_valid_for_prisma — regression test verifying:

• created_at/updated_at are excluded from model data
• litellm_params/model_info are wrapped with prisma.Json()
• delete_many is called inside the transaction

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
litellm	Ready	Preview, Comment	Feb 16, 2026 6:57pm

[greptile-apps]

Greptile Summary

Fixes Prisma validation errors during master key rotation by replacing jsonify_object() (which converts dicts to JSON strings incompatible with Prisma's Python client) with model_dump(exclude_none=True) + prisma.Json() wrappers for all Json-typed fields across the model, config, and credentials tables. Also adds transaction wrapping for the model table delete+create operation and defensive error handling around MCP server credential rotation.

• Model table: exclude_none=True strips created_at/updated_at (both None when constructed in-memory), letting Prisma's @default(now()) apply. prisma.Json() wraps litellm_params and model_info as required by create_many().
• Config table: param_value now wrapped with prisma.Json() instead of jsonify_object().
• Credentials table: credential_values and credential_info conditionally wrapped with prisma.Json().
• Transaction: Model delete+create now wrapped in prisma_client.db.tx() for atomicity.
• MCP rotation: Wrapped in try/except to prevent non-critical failures from blocking the entire rotation, though the underlying safe_dumps() serialization issue in the MCP path is not addressed.
• Test: Regression test verifies the model table serialization produces valid Prisma-compatible data.

Confidence Score: 4/5

• This PR is safe to merge — it fixes real Prisma validation errors with correct serialization patterns and adds transaction safety.
• The fix correctly addresses the root cause (jsonify_object converting dicts to strings that Prisma rejects) across three code paths (models, config, credentials). The transaction wrapping for model delete+create is a good improvement. The regression test covers the most critical path. The one concern is the MCP rotation being silently swallowed rather than properly fixed, which could leave MCP credentials encrypted with the old key after rotation.
• Pay attention to litellm/proxy/management_endpoints/key_management_endpoints.py lines 3137-3146 — the MCP rotation try/except may mask a real serialization issue similar to the ones being fixed in this PR.

Important Files Changed

Filename	Overview
litellm/proxy/management_endpoints/key_management_endpoints.py	Correctly replaces jsonify_object() with model_dump(exclude_none=True) + prisma.Json() for all Json-typed fields in model, config, and credentials tables. Adds transaction wrapping for model delete+create. Wraps MCP rotation in try/except but doesn't fix the underlying serialization issue in the MCP path.
tests/test_litellm/proxy/management_endpoints/test_key_management_endpoints.py	Well-structured regression test using mocks (no real network calls). Validates that created_at/updated_at are excluded, Json fields are wrapped with prisma.Json(), and delete+create happen within a transaction. Exercises the real _add_model_to_db code path.

Sequence Diagram

sequenceDiagram
    participant Caller as _rotate_master_key
    participant ProxyConfig as proxy_config
    participant AddModel as _add_model_to_db
    participant Prisma as Prisma DB
    participant MCP as MCP rotation

    Caller->>Prisma: find_many() models
    Caller->>ProxyConfig: decrypt_model_list_from_db()
    loop For each decrypted model
        Caller->>AddModel: _add_model_to_db(should_create_model_in_db=False)
        AddModel-->>Caller: LiteLLM_ProxyModelTable (in-memory)
        Note over Caller: model_dump(exclude_none=True)<br/>+ prisma.Json() wrappers
    end
    rect rgb(200, 230, 200)
        Note over Caller,Prisma: Transaction
        Caller->>Prisma: delete_many() models
        Caller->>Prisma: create_many() re-encrypted models
    end
    Caller->>Prisma: find_many() config
    Caller->>ProxyConfig: decrypt & re-encrypt env vars
    Caller->>Prisma: update() config with prisma.Json()
    rect rgb(255, 230, 200)
        Note over Caller,MCP: try/except (failure logged)
        Caller->>MCP: rotate_mcp_server_credentials()
    end
    Caller->>Prisma: find_many() credentials
    loop For each credential
        Caller->>ProxyConfig: decrypt & re-encrypt credential
        Note over Caller: model_dump(exclude_none=True)<br/>+ prisma.Json() wrappers
        Caller->>Prisma: update() credential
    end

Loading

_{Last reviewed commit: 1daea57}

[greptile-apps]

_{2 files reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

Silent MCP rotation failure risks stale credentials

The MCP server rotation in rotate_mcp_server_credentials_master_key uses safe_dumps() (which returns a JSON string) for the credentials field, which is Json? in the Prisma schema. This is the same type of issue being fixed elsewhere in this PR (passing strings instead of prisma.Json() for Json-typed fields).

While wrapping in try/except is a reasonable defensive measure to prevent the entire rotation from failing, this means MCP server credentials will silently remain encrypted with the old master key after rotation. Subsequent operations using those credentials will fail because the proxy will try to decrypt them with the new master key.

Consider either:

1. Fixing rotate_mcp_server_credentials_master_key to use prisma.Json() instead of safe_dumps() (similar to the fixes applied to the other tables in this PR), or
2. At minimum, re-raising the error or returning a status so the caller knows MCP rotation failed and can report it to the admin.