diff --git a/data/config.db b/data/config.db
index 0a8cfbc..8bbe6e6 100644
--- a/data/config.db
+++ b/data/config.db
Binary files differ
diff --git a/internal/api.go b/internal/api.go
index 5585567..30e0494 100644
--- a/internal/api.go
+++ b/internal/api.go
@@ -148,4 +148,6 @@
 
 	// Renew Certificate Handler
 	mux.HandleFunc("/renew-certificate", api.renewCertificateHandler)
+
+	mux.HandleFunc("/storage-dump", api.storageDumpHandler)
 }
diff --git a/internal/api_handlers.go b/internal/api_handlers.go
index fe13508..7425331 100644
--- a/internal/api_handlers.go
+++ b/internal/api_handlers.go
@@ -4,6 +4,7 @@
 	"context"
 	"encoding/json"
 	"fmt"
+	"io"
 	"net/http"
 
 	internalapi "envoy-control-plane/internal/api"
@@ -623,3 +624,73 @@
 	json.NewEncoder(w).Encode(map[string]bool{"valid": valid})
 	w.WriteHeader(http.StatusOK)
 }
+
+func (api *API) storageDumpHandler(w http.ResponseWriter, r *http.Request) {
+	ctx := context.Background()
+
+	switch r.Method {
+	case http.MethodGet:
+		// --- 1. DUMP (Download) ---
+
+		// Execute the database dump
+		data, err := api.Manager.DB.Dump(ctx)
+		if err != nil {
+			http.Error(w, fmt.Sprintf("failed to perform database dump: %v", err), http.StatusInternalServerError)
+			return
+		}
+
+		// Set response headers for file download
+		w.Header().Set("Content-Type", "application/json")
+		w.Header().Set("Content-Disposition", "attachment; filename=\"db_dump.json\"")
+		w.WriteHeader(http.StatusOK)
+		w.Write(data)
+
+	case http.MethodPost:
+		// --- 2. RESTORE (Upload) ---
+
+		// Determine the restore mode from query parameters
+		modeStr := r.URL.Query().Get("mode")
+		mode := storage.RestoreMerge // Default to Merge
+		if modeStr == "override" {
+			mode = storage.RestoreOverride
+		}
+
+		// Read the JSON dump content from the request body
+		var data []byte
+		var err error
+
+		// Limit the body size to prevent resource exhaustion
+		r.Body = http.MaxBytesReader(w, r.Body, 10*1024*1024) // 10MB limit
+
+		data, err = io.ReadAll(r.Body)
+		if err != nil {
+			http.Error(w, "failed to read request body or body too large", http.StatusBadRequest)
+			return
+		}
+
+		// Execute the database restore
+		if err := api.Manager.DB.Restore(ctx, data, mode); err != nil {
+			http.Error(w, fmt.Sprintf("failed to restore database: %v", err), http.StatusInternalServerError)
+			return
+		}
+
+		// Reload the Envoy Cache from the newly restored database state
+		if err := api.Manager.LoadSnapshotFromDB(ctx); err != nil {
+			http.Error(w, fmt.Sprintf("database restored, but failed to load new snapshot into cache: %v", err), http.StatusInternalServerError)
+			return
+		}
+
+		// Send success response
+		w.Header().Set("Content-Type", "application/json")
+		w.WriteHeader(http.StatusOK)
+		json.NewEncoder(w).Encode(map[string]string{
+			"status":  "ok",
+			"message": fmt.Sprintf("Database restored in %s mode and cache updated.", modeStr),
+		})
+
+	default:
+		// Handle unsupported methods
+		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+}
diff --git a/internal/pkg/storage/storage_dump.go b/internal/pkg/storage/storage_dump.go
new file mode 100644
index 0000000..8a04a6d
--- /dev/null
+++ b/internal/pkg/storage/storage_dump.go
@@ -0,0 +1,226 @@
+package storage
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+)
+
+// DBDump holds the complete state of the database for dumping/restoring.
+type DBDump struct {
+	// Envoy xDS Resources - Use raw bytes for JSON/JSONB data from the DB
+	Clusters  [][]byte `json:"clusters,omitempty"`
+	Listeners [][]byte `json:"listeners,omitempty"`
+	Secrets   [][]byte `json:"secrets,omitempty"`
+	// Certificate Management Resources (Standard Go structs)
+	Certificates []*CertStorage `json:"certificates,omitempty"`
+	// Metadata field to capture database type for validation
+	DBDriver string `json:"db_driver"`
+}
+
+// DBDumpRestoreMode defines the strategy for restoring the data.
+type DBDumpRestoreMode int
+
+const (
+	// RestoreMerge merges the incoming data with existing data (UPSERT).
+	RestoreMerge DBDumpRestoreMode = iota
+	// RestoreOverride deletes all existing data and inserts the new data.
+	RestoreOverride
+)
+
+// Dump exports all database content as raw JSON data into a single JSON byte slice.
+func (s *Storage) Dump(ctx context.Context) ([]byte, error) {
+	// 1. Load raw JSON data for Envoy resources (avoids PB conversion)
+	rawClusters, err := s.LoadAllRawData(ctx, "clusters")
+	if err != nil {
+		return nil, fmt.Errorf("failed to load all clusters for dump: %w", err)
+	}
+	rawListeners, err := s.LoadAllRawData(ctx, "listeners")
+	if err != nil {
+		return nil, fmt.Errorf("failed to load all listeners for dump: %w", err)
+	}
+	rawSecrets, err := s.LoadAllRawData(ctx, "secrets")
+	if err != nil {
+		return nil, fmt.Errorf("failed to load all secrets for dump: %w", err)
+	}
+
+	// 2. Load Certificates (already standard Go structs)
+	// Note: LoadAllCertificates is defined in storage.go
+	protoCertificates, err := s.LoadAllCertificates(ctx)
+	if err != nil {
+		return nil, fmt.Errorf("failed to load all certificates for dump: %w", err)
+	}
+
+	// 3. Assemble the single top-level JSON message
+	dump := &DBDump{
+		Clusters:     rawClusters,
+		Listeners:    rawListeners,
+		Secrets:      rawSecrets,
+		Certificates: protoCertificates,
+		DBDriver:     s.driver, // Add metadata
+	}
+
+	// 4. Marshal the entire structure directly to JSON
+	data, err := json.MarshalIndent(dump, "", "  ")
+	if err != nil {
+		return nil, fmt.Errorf("failed to marshal database dump to JSON: %w", err)
+	}
+
+	return data, nil
+}
+
+// Restore imports database content from a JSON byte slice, inserting raw data.
+func (s *Storage) Restore(ctx context.Context, data []byte, mode DBDumpRestoreMode) error {
+	var dump DBDump
+
+	// 1. Unmarshal top-level structure using standard JSON
+	if err := json.Unmarshal(data, &dump); err != nil {
+		return fmt.Errorf("failed to unmarshal database dump from JSON: %w", err)
+	}
+
+	// 2. Validate Metadata
+	if dump.DBDriver != s.driver {
+		return fmt.Errorf("database driver mismatch: dump is for '%s', current is '%s'", dump.DBDriver, s.driver)
+	}
+
+	// --- 3. Override Mode: Clear Existing Tables ---
+	if mode == RestoreOverride {
+		if err := s.clearTable(ctx, "clusters"); err != nil {
+			return fmt.Errorf("failed to clear clusters table for override: %w", err)
+		}
+		if err := s.clearTable(ctx, "listeners"); err != nil {
+			return fmt.Errorf("failed to clear listeners table for override: %w", err)
+		}
+		if err := s.clearTable(ctx, "secrets"); err != nil {
+			return fmt.Errorf("failed to clear secrets table for override: %w", err)
+		}
+		if err := s.clearTable(ctx, "certificates"); err != nil {
+			return fmt.Errorf("failed to clear certificates table for override: %w", err)
+		}
+	}
+
+	// --- 4. Insert/Upsert Data using Raw JSON ---
+
+	// Clusters
+	if err := s.SaveRawData(ctx, "clusters", dump.Clusters); err != nil {
+		return fmt.Errorf("failed to save restored cluster raw data: %w", err)
+	}
+
+	// Listeners
+	if err := s.SaveRawData(ctx, "listeners", dump.Listeners); err != nil {
+		return fmt.Errorf("failed to save restored listener raw data: %w", err)
+	}
+
+	// Secrets
+	if err := s.SaveRawData(ctx, "secrets", dump.Secrets); err != nil {
+		return fmt.Errorf("failed to save restored secret raw data: %w", err)
+	}
+
+	// Certificates (Standard Go struct - SaveCertificate is defined in storage.go)
+	for _, cert := range dump.Certificates {
+		if err := s.SaveCertificate(ctx, cert); err != nil {
+			return fmt.Errorf("failed to save restored certificate %s: %w", cert.Domain, err)
+		}
+	}
+
+	return nil
+}
+
+// LoadAllRawData retrieves the raw data column ([]byte/JSONB) from a table.
+func (s *Storage) LoadAllRawData(ctx context.Context, table string) ([][]byte, error) {
+	if table != "clusters" && table != "listeners" && table != "secrets" {
+		return nil, fmt.Errorf("invalid table name: %s", table)
+	}
+
+	query := fmt.Sprintf(`SELECT data FROM %s`, table)
+
+	rows, err := s.db.QueryContext(ctx, query)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	var data [][]byte
+	for rows.Next() {
+		var rawData []byte
+		// Handle Postgres JSONB (scans to []byte) vs SQLite TEXT (scans to string, then convert)
+		if s.driver == "postgres" {
+			if err := rows.Scan(&rawData); err != nil {
+				return nil, fmt.Errorf("failed to scan raw postgres data from %s: %w", table, err)
+			}
+		} else { // SQLite
+			var dataStr string
+			if err := rows.Scan(&dataStr); err != nil {
+				return nil, fmt.Errorf("failed to scan raw sqlite data from %s: %w", table, err)
+			}
+			rawData = []byte(dataStr)
+		}
+		data = append(data, rawData)
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+
+	return data, nil
+}
+
+// SaveRawData handles UPSERT for raw JSON data for clusters, listeners, and secrets.
+func (s *Storage) SaveRawData(ctx context.Context, table string, rawData [][]byte) error {
+	if table != "clusters" && table != "listeners" && table != "secrets" {
+		return fmt.Errorf("invalid table name for raw data save: %s", table)
+	}
+
+	for _, data := range rawData {
+		// To get the name (for UPSERT), we must minimally unmarshal the name field.
+		var nameExtractor struct {
+			Name string `json:"name"`
+		}
+		if err := json.Unmarshal(data, &nameExtractor); err != nil {
+			return fmt.Errorf("failed to extract name from raw data for table %s: %w", table, err)
+		}
+
+		// Use the same UPSERT logic as original Save* methods
+		var query string
+		switch s.driver {
+		case "postgres":
+			query = fmt.Sprintf(`
+				INSERT INTO %s (name, data, enabled, updated_at)
+				VALUES ($1, $2, true, now())
+				ON CONFLICT (name) DO UPDATE SET data = $2, enabled = true, updated_at = now()`, table)
+		default: // SQLite
+			query = fmt.Sprintf(`
+				INSERT INTO %s (name, data, enabled, updated_at)
+				VALUES (?, ?, 1, CURRENT_TIMESTAMP)
+				ON CONFLICT(name) DO UPDATE SET data=excluded.data, enabled=1, updated_at=CURRENT_TIMESTAMP`, table)
+		}
+
+		_, err := s.db.ExecContext(ctx, query, nameExtractor.Name, string(data))
+		if err != nil {
+			return fmt.Errorf("failed to upsert raw data for %s: %w", table, err)
+		}
+	}
+
+	return nil
+}
+
+// clearTable is a helper function to delete all rows from a table.
+func (s *Storage) clearTable(ctx context.Context, table string) error {
+	// Simple validation to prevent SQL injection on table names
+	if table != "clusters" && table != "listeners" && table != "secrets" && table != "certificates" {
+		return fmt.Errorf("invalid table name for clearing: %s", table)
+	}
+
+	var query string
+	if s.driver == "postgres" {
+		query = fmt.Sprintf("TRUNCATE TABLE %s RESTART IDENTITY", table)
+	} else {
+		query = fmt.Sprintf("DELETE FROM %s", table)
+	}
+
+	// Assuming s.db is your database connection pool
+	_, err := s.db.ExecContext(ctx, query)
+	if err != nil {
+		return fmt.Errorf("error clearing table %s: %w", table, err)
+	}
+	return nil
+}
diff --git a/static/index.html b/static/index.html
index cc789a2..fc8fd16 100644
--- a/static/index.html
+++ b/static/index.html
@@ -31,15 +31,34 @@
             </div>
 
             <div class="toolbar-right-group">
-                <button onclick="window.showAddClusterModal()">Add/Update
-                    Cluster</button>
-                <button onclick="window.showAddSecretModal()">Add/Update
-                    Secret</button>
                 <button onclick="window.showAddListenerModal()">Add/Update
                     Listener</button>
+                <button onclick="window.showAddClusterModal()">Add/Update
+                    Cluster</button>
+                <button onclick="window.showAddSecretModal()">Add/Update Generic
+                    Secret</button>
             </div>
         </div>
 
+                <h2>Existing Listeners (Click a domain/filter for details)</h2>
+        <table id="listenerTable" class="config-table">
+            <thead>
+                <tr>
+                    <th>Listener Name</th>
+                    <th>Status</th>
+                    <th>Address:Port</th>
+                    <th>Domains / Filters</th>
+                    <th>Action</th>
+                </tr>
+            </thead>
+            <tbody id="listener-table-body">
+                <tr>
+                    <td colspan="4" style="text-align: center;">Loading listener
+                        data...</td>
+                </tr>
+            </tbody>
+        </table>
+
         <h2>Existing Clusters (Click a row for full JSON/YAML details)</h2>
         <table id="clusterTable" class="config-table">
             <thead>
@@ -84,24 +103,7 @@
             </tbody>
         </table>
 
-        <h2>Existing Listeners (Click a domain/filter for details)</h2>
-        <table id="listenerTable" class="config-table">
-            <thead>
-                <tr>
-                    <th>Listener Name</th>
-                    <th>Status</th>
-                    <th>Address:Port</th>
-                    <th>Domains / Filters</th>
-                    <th>Action</th>
-                </tr>
-            </thead>
-            <tbody id="listener-table-body">
-                <tr>
-                    <td colspan="4" style="text-align: center;">Loading listener
-                        data...</td>
-                </tr>
-            </tbody>
-        </table>
+
     </div>
 
 <div id="configModal" class="modal">
@@ -293,19 +295,19 @@
 <div id="addSecretModal" class="modal">
         <div class="modal-content">
             <div class="modal-header">
-                <h3>Add/Update Secret</h3>
+                <h3>Add/Update Generic Secret</h3>
                 <span class="close-btn" onclick="hideAddSecretModal()">&times;</span>
             </div>
 
-            <p>Paste the full **YAML configuration** for the new secret(s)
+            <p>Paste the full <b>YAML configuration</b> for the new secret(s)
                 below and submit. You can provide a single secret object, or a
-                list of secrets under the `resources` key to load
+                list of secrets under the <code>resources</code> key to load
                 multiple at once:</p>
             <pre>resources:
   - &lt;secret 1&gt;
   - &lt;secret 2&gt;</pre>
             <p>Make sure every secret includes the required type identifier:
-                <code> "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret</p>code> ,
+                <code> "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret</code> ,
                 which allows the parser to recognize your configuration.
             </p>
             <form id="add-secret-form">
diff --git a/static/tools/storage_client.html b/static/tools/storage_client.html
new file mode 100644
index 0000000..a785062
--- /dev/null
+++ b/static/tools/storage_client.html
@@ -0,0 +1,193 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>DB Storage Dump/Restore Client</title>
+    <style>
+        body { font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif; max-width: 700px; margin: 40px auto; padding: 20px; border: 1px solid #e0e0e0; border-radius: 10px; box-shadow: 0 4px 8px rgba(0,0,0,0.05); }
+        h1 { color: #333; border-bottom: 2px solid #007bff; padding-bottom: 10px; margin-bottom: 20px; }
+        h2 { color: #007bff; margin-top: 30px; border-left: 5px solid #007bff; padding-left: 10px; }
+        .section { margin-bottom: 30px; padding: 15px; background-color: #f9f9f9; border-radius: 8px; }
+        label { display: block; margin-bottom: 8px; font-weight: 600; color: #555; }
+        input[type="file"], select { padding: 10px; border: 1px solid #ccc; border-radius: 4px; width: 100%; box-sizing: border-box; margin-top: 5px; }
+        button {
+            padding: 10px 15px;
+            background-color: #28a745;
+            color: white;
+            border: none;
+            border-radius: 4px;
+            cursor: pointer;
+            margin-top: 10px;
+            font-size: 16px;
+            transition: background-color 0.3s;
+        }
+        button:hover { background-color: #218838; }
+        #status-box {
+            margin-top: 20px;
+            padding: 15px;
+            border: 1px solid #ddd;
+            border-radius: 5px;
+            background-color: #fff;
+            white-space: pre-wrap;
+            font-family: Consolas, monospace;
+            font-size: 14px;
+            min-height: 50px;
+        }
+        .error { border-color: red !important; background-color: #ffebeb; color: #a94442; }
+        .success { border-color: green !important; background-color: #dff0d8; color: #3c763d; }
+    </style>
+</head>
+<body>
+
+    <h1>💾 DB Storage Operations</h1>
+    <p>API Endpoint: <code>/storage-dump</code></p>
+
+    <div class="section">
+        <h2>📥 Database Dump (GET)</h2>
+        <p>This will initiate a **GET** request to download the full database state as a JSON file.</p>
+        <button onclick="handleDump()">Download DB Dump</button>
+    </div>
+
+    <div class="section">
+        <h2>⬆️ Database Restore (POST)</h2>
+        <form id="restoreForm">
+            <label for="dumpFile">Select JSON Dump File:</label>
+            <input type="file" id="dumpFile" name="dumpFile" accept=".json" required>
+
+            <label for="restoreMode">Restore Mode:</label>
+            <select id="restoreMode" name="restoreMode">
+                <option value="merge">Merge (UPSERT)</option>
+                <option value="override">Override (DELETE ALL + UPSERT)</option>
+            </select>
+            <button type="submit">Upload and Restore</button>
+        </form>
+    </div>
+
+    <div id="status-box">Status: Ready.</div>
+
+    <script>
+        const API_ENDPOINT = "/storage-dump";
+        const statusBox = document.getElementById('status-box');
+
+        /**
+         * Clears status box and updates with new message.
+         * @param {string} message - The message to display.
+         * @param {boolean} isError - Whether the message indicates an error.
+         */
+        function updateStatus(message, isError = false) {
+            statusBox.className = '';
+            statusBox.textContent = message;
+            if (isError) {
+                statusBox.classList.add('error');
+            } else {
+                statusBox.classList.add('success');
+            }
+        }
+
+        /**
+         * Handles the GET request for downloading the DB dump.
+         */
+        function handleDump() {
+            updateStatus("Dumping database... Please wait.", false);
+            
+            fetch(API_ENDPOINT)
+                .then(response => {
+                    if (!response.ok) {
+                        return response.text().then(text => {
+                            throw new Error(`HTTP Error ${response.status}: ${text}`);
+                        });
+                    }
+                    // Extract filename from Content-Disposition header, or use a default
+                    const contentDisp = response.headers.get('Content-Disposition');
+                    let filename = 'db_dump.json';
+                    if (contentDisp) {
+                        const match = contentDisp.match(/filename="(.+?)"/);
+                        if (match && match[1]) {
+                            filename = match[1];
+                        }
+                    }
+                    return response.blob().then(blob => ({ blob, filename }));
+                })
+                .then(({ blob, filename }) => {
+                    // Create a link element to trigger the download
+                    const url = window.URL.createObjectURL(blob);
+                    const a = document.createElement('a');
+                    a.style.display = 'none';
+                    a.href = url;
+                    a.download = filename;
+                    document.body.appendChild(a);
+                    a.click();
+                    window.URL.revokeObjectURL(url);
+                    document.body.removeChild(a);
+
+                    updateStatus(`Database dump downloaded successfully as **${filename}**.`, false);
+                })
+                .catch(error => {
+                    updateStatus(`Dump failed: ${error.message}`, true);
+                    console.error('Dump Error:', error);
+                });
+        }
+
+        /**
+         * Handles the POST request for restoring the DB from an uploaded file.
+         */
+        document.getElementById('restoreForm').addEventListener('submit', function(e) {
+            e.preventDefault();
+            
+            const fileInput = document.getElementById('dumpFile');
+            const mode = document.getElementById('restoreMode').value;
+            const file = fileInput.files[0];
+
+            if (!file) {
+                updateStatus("Please select a dump file to upload.", true);
+                return;
+            }
+
+            updateStatus(`Restoring database in **${mode}** mode... Uploading **${file.name}**...`, false);
+
+            // Use a FormData object to send the file content
+            const formData = new FormData();
+            formData.append('data', file); // The server-side should handle reading the file content from the body
+
+            // Read file content as text/bytes to send directly in the body
+            const reader = new FileReader();
+            reader.onload = function(event) {
+                fetch(`${API_ENDPOINT}?mode=${mode}`, {
+                    method: 'POST',
+                    headers: {
+                        // The file content is the body, so set Content-Type to JSON (or leave default if server reads raw body)
+                        'Content-Type': 'application/json' 
+                    },
+                    body: event.target.result // Send the raw file content (JSON string/bytes)
+                })
+                .then(response => {
+                    // Check if response has content before trying to parse JSON
+                    const contentType = response.headers.get("content-type");
+                    if (contentType && contentType.indexOf("application/json") !== -1) {
+                        return response.json().then(data => ({ response, data }));
+                    } else {
+                        return response.text().then(text => ({ response, data: text }));
+                    }
+                })
+                .then(({ response, data }) => {
+                    if (!response.ok) {
+                        const errorMessage = typeof data === 'object' && data.message ? data.message : data.toString();
+                        throw new Error(`HTTP Error ${response.status}: ${errorMessage}`);
+                    }
+                    
+                    const message = typeof data === 'object' && data.message ? data.message : "Restore command acknowledged successfully.";
+                    updateStatus(`Restore successful! ${message}`, false);
+                })
+                .catch(error => {
+                    updateStatus(`Restore failed: ${error.message}`, true);
+                    console.error('Restore Error:', error);
+                });
+            };
+            
+            // Read the file as a text string (assuming the dump file is readable JSON)
+            reader.readAsText(file); 
+        });
+    </script>
+</body>
+</html>
\ No newline at end of file