There’s one part of the sovereignty question almost everyone skips: where the encryption keys actually live. You can store all data inside the EU and still lose control if key management sits with a party under the wrong jurisdiction.
The key is the lever
Encryption is only as strong as the custody of the key. If someone can demand the key material — legally or technically — it doesn’t matter how well the data is encrypted. So we treat key custody as a sovereignty question in itself, not a technical detail.
Why OpenBao
OpenBao is open source for secrets and key management. We run it EU-resident, per tenant, so no key material leaves the jurisdiction. It’s open and auditable, which means custody isn’t a black box you have to take on faith.
Where your keys live is as sovereign as where your data lives. Often more.
— from Kepler’s trust model
Provable, not claimed
We can show the key’s residency in the product, not just claim it in a PDF. A residency and access report makes custody auditable for you and your auditor. That’s the difference between a matter of trust and a matter of evidence.