At Red Hat Summit 2026 in Atlanta, I sat down on the show floor with Christian Gafner, Partner Manager at Adfinis — a global systems integrator and service provider built entirely on open source software. Christian’s agenda for the week was straightforward: connect with partners, reconnect with familiar faces across the ecosystem, and grow the network. But the topic that kept surfacing in nearly every conversation, his included, was digital sovereignty — and where it’s headed next.
Why Digital Sovereignty Is This Year’s Hallway Topic
I wrote about the mechanics of sovereign cloud architecture in detail earlier this year: data sovereignty, operational sovereignty, and software sovereignty as three separate layers, only one of which a hyperscaler region actually solves for you. What struck me at Summit is how far the conversation has moved since then. It is no longer a slide in a procurement deck — it is showing up in one-on-one conversations with partner managers, systems integrators, and vendors who did not used to think of themselves as being in the sovereignty business.
Christian’s version of the topic is the software-sovereignty layer specifically: who controls the tool your entire secrets and identity model depends on, and what happens if that controller changes the rules. That is not an abstract worry for anyone who has watched the secrets management space over the past few years — it is exactly what happened when HashiCorp relicensed Vault from MPL to BUSL and a chunk of the open source community, backed by IBM, forked it into what became OpenBao under the Linux Foundation. Digital sovereignty, in other words, is not only about where your data centers sit on a map. It is also about whether the license and governance of your infrastructure software can be changed out from under you by a single vendor’s business decision — a point I have made before in the context of governance and trust architecture more broadly.
What a TSC Seat and a 24/7 SLA Actually Buy You
Adfinis is not just a user of OpenBao — Christian described the company as a core contributor and maintainer, with a seat on the project’s Technical Steering Committee. That distinction matters. Being a customer of a vendor-controlled product means consuming whatever roadmap, licensing terms, and support posture that vendor decides on next. Sitting on a TSC means an actual vote in the project’s direction and, crucially, no single company left holding a unilateral veto over the license — the structural fix for the exact risk that created OpenBao in the first place.
Open governance alone, though, does not get a CIO to sign a production contract. That is where the rest of Adfinis’s bet comes in: they back OpenBao with a 24/7 enterprise SLA. A community project with no one accountable at 3am when a secrets backend goes down is a non-starter for regulated industries, however clean its governance looks on paper. Pairing a TSC seat with round-the-clock support turns “openly governed” from an ideological talking point into something a security team can build a production dependency on — the same credibility gap HashiCorp’s enterprise tier once filled for Vault, now met by a systems integrator instead of the original vendor.
Why an Open-Source-Only Integrator Backs Exactly This Project
Adfinis’s business model depends on there being no proprietary lock-in underneath its customers’ infrastructure — that is the pitch of a systems integrator built “entirely on open source software.” A single-vendor-controlled secrets manager is a direct threat to that model: if the tool underneath can be relicensed overnight, so can the independence Adfinis sells. Becoming a maintainer and TSC member flips that risk into leverage. Instead of waiting on someone else’s roadmap, Adfinis co-owns it, and can tell any customer asking “who do we call about a Vault alternative with no relicensing risk” that the answer sits inside their own organization.
It also positions Adfinis squarely inside the sovereignty conversation that is dominating hallway chats like the one Christian and I had. A Switzerland-headquartered integrator with a genuine governance seat in a Linux Foundation secrets project is a credible answer for European organizations working through exactly the sovereignty layers I outlined in my EU cloud strategy piece — control over data, operations, and now the software supply chain underneath enterprise security tooling.
I also caught a brief moment with Mark Pickens of Portworx by Pure Storage on the show floor that same week — Portworx pairs with Red Hat OpenShift for cloud-native, Kubernetes-ready storage across virtualized and containerized workloads, a good reminder that the sovereignty and resilience conversation at Summit stretched well beyond secrets management into storage and infrastructure more broadly.
Digital sovereignty kept coming up in nearly every hallway conversation I had this week. Watching where OpenBao’s governance model and its growing bench of enterprise-backing integrators go next is one of the clearer signals of where that trend is heading.
Related Reading
- Red Hat Summit 2026 in Atlanta: Open Source Meets AI
- OpenBao Founder on Secrets Management for AI Agents
- Sovereign Cloud: Building EU-Compliant Infrastructure
- Digital Sovereignty in Europe
- Digital Sovereignty: Governance and Trust
About the Author
I am Luca Berton, AI and Cloud Advisor. I work at the intersection of platform engineering, cloud security, and enterprise AI deployments. Book a consultation.




