T Cloud Public on Elestio: Sovereign, GDPR-Compliant Hosting
For a lot of European companies, the cloud question stopped being "which region is cheapest" a while ago. It is now "whose laws actually apply to my data?" If you are in a regulated industry, the public sector, or you simply do not want your customer records sitting under a foreign jurisdiction, that question matters more than a few cents per gigabyte. So we are happy to share something that answers it directly: you can now run your Elestio services on T Cloud Public.
What we shipped
T Cloud Public, formerly Open Telekom Cloud, is the sovereign public cloud operated by T-Systems, a Deutsche Telekom company. Elestio now supports it as a Bring Your Own Cloud provider. In plain terms: you keep your own T Cloud Public account, you point Elestio at it, and we handle the rest. Provisioning, scaling, backups, monitoring, updates, and the full lifecycle of 400+ open-source applications, all running on infrastructure you own, in data centers that never leave Germany.
You get the Elestio experience you already know, one-click open-source deployments without the operational grind, on a cloud built specifically for European data sovereignty.
Why enterprises care about this
The appeal here is not marketing. T Cloud Public is built around a simple promise: your data stays in German data centers, governed exclusively by German and EU law, independent of non-European access. That comes with a stack of certifications that procurement and compliance teams actually ask for:
| Area | What T Cloud Public offers |
|---|---|
| Data residency | Stored and processed in German data centers (eu-de, eu-nl regions) |
| Jurisdiction | Subject to German and EU law, GDPR-compliant |
| Security certifications | BSI C5:2020, ISO 27001 / 27018 / 27701, SOC 1/2/3, TISAX |
| Operator | T-Systems, a Deutsche Telekom company |
For a bank, a hospital, a public agency, or any company with data-residency clauses in its contracts, that combination is the difference between "we can use this" and "legal said no." Pairing it with open-source software you control end to end, instead of a closed SaaS, closes the sovereignty loop completely.
How Bring Your Own Cloud works
The model is straightforward. Your T Cloud Public account stays yours, and you give Elestio scoped programmatic access to automate on top of it. You need three things:
| Credential | Where it comes from |
|---|---|
| Access Key (AK) | A dedicated IAM user |
| Secret Key (SK) | Generated with the access key |
| Domain Name | Your account identifier (e.g. OTC00000000001) |
The setup is quick:
- In the T Cloud Public console, create a dedicated IAM user configured for programmatic access, and save the Access Key and Secret Key.
- Assign the IAM policies Elestio needs to provision and manage infrastructure (compute, block storage, networking, encryption-key read access, and DNS), scoped to all existing and future projects.
- Make sure at least one region project is enabled, for example eu-de or eu-nl.
- Grab your Domain Name from the account info page.
- In the Elestio dashboard, choose BYO-TCloud as your provider, enter the AK, SK, and Domain Name, and click Verify Config for automatic validation.
That is it. From there you deploy and manage services exactly as you would on any other Elestio provider. The full step-by-step, including the exact IAM policies, is in our T Cloud Public (BYO-TCloud) documentation.
A note on cost
Bring Your Own Cloud means you pay T Cloud Public directly for the underlying infrastructure, and Elestio for the managed automation layer on top. There is no markup hidden in your compute bill, and you keep full visibility and ownership of the account. For teams that have already committed to T Cloud Public, or have to for compliance reasons, this turns Elestio into the easy button for running open-source software there.
Troubleshooting the connection
- "No projects found" usually means no region project is enabled yet. Enable eu-de or eu-nl in the T Cloud Public console and retry.
- Volumes fail to create? Confirm the
evs/defaultencryption key exists and the IAM user has read access to KMS. - Managing existing services? The IAM user needs multi-region access, not just a single project.
Who should try it
If data sovereignty is a hard requirement rather than a nice-to-have, this is for you. Regulated industries, European public sector, and any enterprise that wants a reliable German operator behind its infrastructure can now get managed open-source on T Cloud Public without building the automation themselves.
You can connect your account today from the Elestio dashboard. If you want to see the full catalog first, browse the 400+ managed open-source services you can run on it.
Thanks for reading ❤️ See you in the next one 👋