Skip to main content

A local daemon-backed AWS temporary credential broker, exposed over a Unix socket and controlled via CLI.

Project description

elhaz



What is elhaz?

elhaz is a local daemon-backed AWS temporary credential broker, exposed over a Unix socket and controlled via CLI.

Instead of a locally hosted HTTP metadata emulation service (ECS), which is less secure and requires multiple processes for each assumed RoleArn, elhaz runs a single process and serves automatically refreshed temporary AWS credentials on demand.

elhaz caches AWS sessions for however long the daemon is kept alive (or sessions are removed by command), which eliminates redundant session creations and STS calls.

Unix-socket IPC is lightweight and gives a tighter local boundary than HTTP, avoids exposing local credential endpoints over TCP, and allows temporary credentials to live in memory rather than at rest on disk.

Crucially, because elhaz uses boto3-refresh-session as its core dependency for refreshing temporary AWS security credentials, which in turn depends on botocore, elhaz supports IAM Identity Center (SSO) using the AWS CLI.

elhaz makes multi-role local AWS workflows cleaner by combining brokered access, in-memory caching, IAM Identity Center (SSO) support, and host-local IPC into one model.

elhaz was authored by Mike Letts and is maintained by 61418.

Installation

With uv:

uv tool install elhaz

With pipx:

pipx install elhaz

Usage

To get started with using elhaz, check the quickstart guide.

To learn critical concepts for using elhaz, check the concepts section of the docs.

For technical details, check the CLI docs.

Recognition and Testimonials

elhaz was featured at the fwd:cloudsec North America 2026 conference at the Meydenbauer Center in Bellevue, WA on June 1st, 2026.

In May 2026, elhaz was featured by TL;DR Sec newsletter.

In this blog post, EngSecLabs cleverly mounts the Unix socket managed by elhaz to a Docker container in order to sandbox an AI agent.

License

elhaz is licensed by the Mozilla Public License 2.0 (MPL-2.0).

Contributing

Refer to the contributing guidelines.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

elhaz-0.5.4.tar.gz (133.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

elhaz-0.5.4-py3-none-any.whl (39.7 kB view details)

Uploaded Python 3

File details

Details for the file elhaz-0.5.4.tar.gz.

File metadata

  • Download URL: elhaz-0.5.4.tar.gz
  • Upload date:
  • Size: 133.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for elhaz-0.5.4.tar.gz
Algorithm Hash digest
SHA256 bb26eb3f302258d17df9eae53faa3ff0bdcb3b3f834bab7fff8f2a8da9323639
MD5 8b855c97cbfbebc669ccfe26921db08c
BLAKE2b-256 b41cdf57aeb17ab33f2e32d27856bcf2a48dc6ad2f6f29ebba480965dea5b520

See more details on using hashes here.

Provenance

The following attestation bundles were made for elhaz-0.5.4.tar.gz:

Publisher: push.yml on 61418/elhaz

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file elhaz-0.5.4-py3-none-any.whl.

File metadata

  • Download URL: elhaz-0.5.4-py3-none-any.whl
  • Upload date:
  • Size: 39.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for elhaz-0.5.4-py3-none-any.whl
Algorithm Hash digest
SHA256 04ccc0777275012f4f8071e43a132a8c4300b255785cb94707b85c641df32a87
MD5 711395e58f67c9aa08ad4b98524092a3
BLAKE2b-256 f476e8e952e6161045f875995422cc50772fcf5c4fd67589d5459de0880c94ce

See more details on using hashes here.

Provenance

The following attestation bundles were made for elhaz-0.5.4-py3-none-any.whl:

Publisher: push.yml on 61418/elhaz

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page