Nvidia adopts OpenBao, open source fork of HashiCorp's Vault

Nvidia is now among the official adopters of OpenBao, an open source fork of HashiCorp's Vault secrets management software, according to recently released documentation.

Nvidia’s involvement signals growing support for OpenBao, which so far hasn't received as widespread attention or adoption as its infrastructure-as-code counterpart, OpenTofu, a fork of HashiCorp's Terraform that amassed formal pledges of support from more than 140 companies and 600 individuals in its first month.

That's begun to change recently, according to a regional leader for a UK-based consulting firm that began offering commercial support for OpenBao earlier this year, who told TechTarget that the project has gained momentum this year amid rising global concerns about digital sovereignty, particularly in the European Union.

"I can't say who they are, due to NDAs, but there's definitely a lot more enterprise interest, and some very, very big names," said Aiman Alsari, head of Asia Pacific for ControlPlane, in an interview this week. "Of our strong leads and current clients, I'd say it's about 75% outside the U.S."

OpenBao was created in late 2023 by IBM engineers who led the Linux Foundation's Open Horizon edge computing project, in response to HashiCorp's move to a business source license that year. IBM declared its intent to acquire HashiCorp for $6.5 billion in April 2024; OpenBao reached a production-ready version 2.0 release in September 2024 and joined the Open Source Security Foundation as a sandbox project in June 2025. The paid version of HashiCorp Vault is now IBM Vault Enterprise; one IBM engineer remains listed as a core maintainer of OpenBao in GitHub documents.

Some companies are hesitant about whether OpenBao is really viable for enterprise use, according to Alsari, but the OpenSSF's backing has begun to change that. As a sandbox project within the foundation, OpenBao gets a separately maintained CVE disclosure mailing list, community security audits, transparency requirements, and integrations with supply chain security tools such as Sigstore.

Meanwhile, Nvidia disclosed in publicly available documentation that it uses OpenBao to inject secrets into Kubernetes pods managed by its Nvidia Cloud Functions (NVCF). That project, an auto-scaling, serverless GPU control plane, was made available under an Apache 2.0 open source license in April. Nvidia was added to the public list of OpenBao adopters on May 20.

The next release of OpenBao, version 2.6, due out in the coming weeks, will include server-side workflows that allow platform engineering teams to integrate the project with internal self-service portals.

"Quite literally, it has been my job to help companies write their own thing [to put] in front of Vault for a long time," Alsari said. "We've done quite a lot of consulting work in that space. ... That's how we're starting to differentiate [with OpenBao]."

ControlPlane also supports HashiCorp Vault customers and offers a tool to help them migrate to OpenBao. Further down the roadmap, the project will integrate short-lived secrets management for AI agents, he said.

OpenBao still has far to grow to challenge Vault

OpenBao may not need to win on breadth alone. Its stronger angle could be open governance ... especially where clients are reassessing vendor lock-in or proprietary control planes.

The OpenBao ecosystem is smaller than its higher-profile counterpart OpenTofu, an open source fork of HashiCorp's Terraform infrastructure as code software, which lists 163 companies, 12 open source projects and 791 individuals among its supporters. IBM does not report the number of customers or amount of revenue from what is now IBM Vault Enterprise, but HashiCorp reported more than 4,300 enterprise customers in 2023.

Still, digital sovereignty could be a new growth driver for the project, according to one industry expert

"Sovereignty could definitely be an interesting growth wrinkle here," said Varun Raj, a cloud and AI engineering executive working on enterprise AI and cloud transformation initiatives. "The ecosystem is clearly not at IBM or HashiCorp scale yet, but OpenBao may not need to win on breadth alone. Its stronger angle could be open governance, portability, and control of secrets and keys in regulated or sovereign environments — especially where clients are reassessing vendor lock-in or proprietary control planes."

For startups or small teams with static secrets, there are other alternatives to OpenBao, including the open source SOPS project and cloud providers' secrets management services, said Anuj Tyagi, a senior site reliability engineer at a communications company he requested not be named.

But OpenBao is potentially useful for organizations that need dynamic credentials, operate a multi-cloud environment, or manage secrets for many teams with isolation requirements.

Anuj Tyagi

"It's similar to the Community version of Vault with free licensing for multi-tenancy," Tyagi said. "Although commercial services also provide options to store secrets in the EU region, for organizations that want to store secrets in their own environment … OpenBao is a strong option."

Nvidia joined other OpenBao adopters, including Swiss open source service provider Adfinis, SAP's ApeiroRA, a reference architecture for sovereign clouds in Europe, and high-energy particle physics lab Fermi National Accelerator Laboratory. Companies listed as OpenBao supporters include GitLab and collaboration suite maker Proton; integrators include OVHCloud and Sigstore.

The project also now has eight companies offering commercial professional support to enterprises, including ControlPlane. Alexander Scheel, a core maintainer of OpenBao left GitLab to join ControlPlane in March 2026.

Reps from OpenSSF and Nvidia were not immediately available for comment on the news as of press time.

Beth Pariseau, senior news writer for Informa TechTarget, is an award-winning veteran of IT journalism. Have a tip? Email her or connect on LinkedIn.