
Backup & restore

A Meshanics node holds three kinds of durable state, and they have different recovery characteristics. Back up all three on the same schedule so a restore gives you a self-consistent system rather than a database that references trust material you no longer have.

What to back up

| State | Where it lives | Why it matters |
|---|---|---|
| Database | The Postgres data volume | The fleet itself: devices, enrollment records, rollouts, artifact metadata, the audit trail, and the platform's encrypted secrets. |
| Trust metadata and online keys | The platform's update-repository directory | The signed repository metadata devices verify against, plus the online freshness keys. Without it, devices cannot validate that an update is genuine. |
| Server and CA certificates | The platform's certificate directory | The platform's TLS identity and the authority that signs device certificates. |

The platform stores only metadata about your artifacts and never the payload contents your application processes, so a backup contains no model weights or application data — only the records that describe them.

Taking a backup

Back up the database with a standard logical dump, and snapshot the platform's trust-metadata and certificate directories with an ordinary file copy while the services are briefly quiesced. The exact commands and paths for your release are in the deployment guide that ships with the install.

Treat the result as sensitive — it contains the platform's online keys and stored secrets. Store backups encrypted, with the same access control as the live host.

The offline root and targets keys are deliberately not on the node and so are not in these backups. They are protected by the ceremony process and their own offline custody. See TUF.

Restoring

Restore onto a node prepared the same way as the original — same service versions, same host address in the certificate's subject alternative names.

  1. Bring the database up empty, then load the dump back into it.
  2. Restore the trust metadata, online keys, and certificate directories from the archive into their original locations, preserving restrictive permissions.
  3. Start the services and confirm devices reconnect over mutual TLS and resume heartbeating.

Because the audit trail is append-only and hash-chained, a faithful restore preserves a verifiable history; a restore that silently dropped records would be detectable as a break in the chain.
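The property described above, as an added example that is not Meshanics code: a Python check that walks a hash-chained audit export after a restore and reports the first break. The record layout (`seq`, `event`, `prev_hash`, `hash`), the all-zero genesis value and the SHA-256 construction are assumptions, and the sample records are constructed. It goes one step beyond the paragraph by showing that records dropped from the end leave no internal break, so the check also compares the head hash against a value recorded at backup time.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value for the first record


def entry_hash(prev_hash, seq, event):
    """SHA-256 over the previous hash plus a canonical encoding of this record."""
    body = json.dumps({"seq": seq, "event": event}, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def build_chain(events):
    """Construct sample audit records (constructed data, for the demo only)."""
    chain, prev = [], GENESIS
    for seq, event in enumerate(events, start=1):
        digest = entry_hash(prev, seq, event)
        chain.append({"seq": seq, "event": event, "prev_hash": prev, "hash": digest})
        prev = digest
    return chain


def verify_chain(records, expected_head=None):
    """Return (ok, reason). Walks the chain and optionally pins the head hash."""
    prev = GENESIS
    for position, rec in enumerate(records, start=1):
        if rec["seq"] != position:
            return False, f"sequence gap at position {position}"
        if rec["prev_hash"] != prev:
            return False, f"broken link at seq {rec['seq']}"
        if entry_hash(prev, rec["seq"], rec["event"]) != rec["hash"]:
            return False, f"content mismatch at seq {rec['seq']}"
        prev = rec["hash"]
    if expected_head is not None and prev != expected_head:
        return False, "head hash differs from the value recorded at backup time"
    return True, "chain verified"


if __name__ == "__main__":
    original = build_chain(["device enrolled", "rollout created", "rollout approved", "cert renewed"])
    head_at_backup = original[-1]["hash"]  # kept outside the backup archive
    print(verify_chain(original, head_at_backup))                    # faithful restore
    print(verify_chain(original[:1] + original[2:], head_at_backup))  # middle record dropped
    print(verify_chain(original[:-1]))                   # tail dropped, no pinned head
    print(verify_chain(original[:-1], head_at_backup))   # tail dropped, pinned head
```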

Validate restores

A backup you have never restored is a hypothesis. Periodically restore onto a throwaway host, enroll a test device, and run an update through to confirm the trust chain still verifies end to end.