Backup & restore

merido can export its control-plane configuration to a single JSON document and import it back into another instance (or the same one after a reset). Restore is additive and non-destructive, and secrets are never exported — so a backup is safe to store and share within your team without leaking credentials.

Export

GET /api/backup/export

Returns a versioned JSON document containing your configuration:

• Settings — global key/value config.
• Providers / connections — id, provider, base URL, label, enabled flag, priority. The proxy URL is included only in masked form.
• Gateway keys — metadata only (name, enabled, scope, cost center, timestamps).
• Virtual models — name, strategy, sticky limit, targets, enabled flag.
• Proxy pools — id, label, masked URL, active flag.

Restore

POST /api/backup/import        # body: the exported document
POST /api/backup/import        # with { "dry_run": true } to preview

Import is idempotent and additive: it creates entries that are absent (matched by natural key — provider + base URL for connections, name for virtual models) and upserts settings. It never deletes or overwrites existing configuration, so importing into a populated instance only fills in what's missing. Pass dry_run: true to get the same summary without writing anything.

What is not restored

Backups are deliberately credential-free, so restoring rebuilds the shape of your config but not its secrets. After a restore you must re-add:

• Provider API keys — connections come back with an empty credential placeholder; re-add the key on the Providers page.
• Gateway key material — only the hash is ever stored, so key secrets can't be exported; recreate the keys on the Keys page (the metadata is reported for reference).
• Proxy credentials — only a masked URL is exported; re-add the proxy on the Proxies page.

The encryption master key is not part of export/import.

In multi-tenant mode both endpoints require an org admin (or a management token); in single-user local mode they're always available.

Related

• Add providers & keys — where you re-enter credentials after a restore.
• Credential policy, vault & proxy pools — how secrets are sealed at rest.
• Deploy to production — the deployment these backups protect.