Skip to main content

A local daemon-backed AWS temporary credential broker, exposed over a Unix socket and controlled via CLI.

Project description

elhaz



What is elhaz?

elhaz is a local daemon-backed AWS temporary credential broker, exposed over a Unix socket and controlled via CLI.

Instead of a locally hosted HTTP metadata emulation service (ECS), which is less secure and requires multiple processes for each assumed RoleArn, elhaz runs a single process and serves automatically refreshed temporary AWS credentials on demand.

elhaz caches AWS sessions for however long the daemon is kept alive (or sessions are removed by command), which eliminates redundant session creations and STS calls.

Unix-socket IPC is lightweight and gives a tighter local boundary than HTTP, avoids exposing local credential endpoints over TCP, and allows temporary credentials to live in memory rather than at rest on disk.

Crucially, because elhaz uses boto3-refresh-session as its core dependency for refreshing temporary AWS security credentials, which in turn depends on botocore, elhaz supports IAM Identity Center (SSO) using the AWS CLI.

elhaz makes multi-role local AWS workflows cleaner by combining brokered access, in-memory caching, IAM Identity Center (SSO) support, and host-local IPC into one model.

elhaz was authored by Mike Letts and is maintained by 61418.

Installation

With uv:

uv tool install elhaz

With pipx:

pipx install elhaz

Usage

To get started with using elhaz, check the quickstart guide.

To learn critical concepts for using elhaz, check the concepts section of the docs.

For technical details, check the CLI docs.

Recognition and Testimonials

In May 2026, elhaz was featured by TL;DR Sec newsletter.

In this blog post, EngSecLabs cleverly mounts the Unix socket managed by elhaz to a Docker container in order to sandbox an AI agent.

License

elhaz is licensed by the Mozilla Public License 2.0 (MPL-2.0).

Contributing

Refer to the contributing guidelines.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

elhaz-0.5.3.tar.gz (132.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

elhaz-0.5.3-py3-none-any.whl (39.6 kB view details)

Uploaded Python 3

File details

Details for the file elhaz-0.5.3.tar.gz.

File metadata

  • Download URL: elhaz-0.5.3.tar.gz
  • Upload date:
  • Size: 132.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for elhaz-0.5.3.tar.gz
Algorithm Hash digest
SHA256 b07b2680a0a3d0856dedcedb51701974538d141b8f893aeda386c82e4555b61f
MD5 3ec016a1e7d1ac434f8a15aec7df67f7
BLAKE2b-256 b4a4ab2bcb0dbe0ff2f00486d52b7af1e88f06b20a4cda40e446c3502442c857

See more details on using hashes here.

Provenance

The following attestation bundles were made for elhaz-0.5.3.tar.gz:

Publisher: push.yml on 61418/elhaz

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file elhaz-0.5.3-py3-none-any.whl.

File metadata

  • Download URL: elhaz-0.5.3-py3-none-any.whl
  • Upload date:
  • Size: 39.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for elhaz-0.5.3-py3-none-any.whl
Algorithm Hash digest
SHA256 c8f5f83875048e269dc136e028ffd984e23ba3b699ad8b4645ae12b67503e422
MD5 6ffc4a7397c0772fb476472c06cbb949
BLAKE2b-256 9513e37af6e53d30fdf44815aaf567884eeb89d339a6b1ba46bcb341610a70ea

See more details on using hashes here.

Provenance

The following attestation bundles were made for elhaz-0.5.3-py3-none-any.whl:

Publisher: push.yml on 61418/elhaz

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page