https://github.com/61418/elhaz
A local daemon-backed AWS temporary credential broker, exposed over a Unix socket and controlled via CLI.
https://github.com/61418/elhaz
aws cli sts
Last synced: 3 months ago
JSON representation
A local daemon-backed AWS temporary credential broker, exposed over a Unix socket and controlled via CLI.
- Host: GitHub
- URL: https://github.com/61418/elhaz
- Owner: 61418
- License: mpl-2.0
- Created: 2026-03-08T06:58:54.000Z (4 months ago)
- Default Branch: main
- Last Pushed: 2026-04-14T14:07:16.000Z (3 months ago)
- Last Synced: 2026-04-14T16:09:50.968Z (3 months ago)
- Topics: aws, cli, sts
- Language: Python
- Homepage: https://61418.io/elhaz/
- Size: 404 KB
- Stars: 4
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md
Awesome Lists containing this project
README
## What is elhaz?
elhaz is a local daemon-backed AWS temporary credential broker, exposed over a Unix socket and controlled via CLI.
Instead of a locally hosted HTTP metadata emulation service (ECS), which is less secure and requires multiple processes for each assumed RoleArn, elhaz runs a single process and serves automatically refreshed temporary AWS credentials on demand.
elhaz caches AWS sessions for however long the daemon is kept alive (or sessions are removed by command), which eliminates redundant session creations and STS calls.
Unix-socket IPC is lightweight and gives a tighter local boundary than HTTP, avoids exposing local credential endpoints over TCP, and allows temporary credentials to live in memory rather than at rest on disk.
Crucially, because elhaz uses [boto3-refresh-session](https://github.com/61418/boto3-refresh-session) as its core dependency for refreshing temporary AWS security credentials, which in turn depends on botocore, elhaz supports IAM Identity Center (SSO) using the AWS CLI.
**elhaz makes multi-role local AWS workflows cleaner by combining brokered access, in-memory caching, IAM Identity Center (SSO) support, and host-local IPC into one model.**
elhaz was authored by [Mike Letts](https://github.com/michaelthomasletts) and is maintained by [61418](https://github.com/61418).
## Installation
With `uv`:
```bash
uv tool install elhaz
```
With `pipx`:
```bash
pipx install elhaz
```
## Usage
To get started with using elhaz, check the [quickstart guide](https://61418.io/elhaz/quickstart.html).
To learn critical concepts for using elhaz, check the [concepts section](https://61418.io/elhaz/concepts/index.html) of the docs.
For technical details, check the [CLI docs](https://61418.io/elhaz/cli/index.html).
## License
elhaz is licensed by the [Mozilla Public License 2.0 (MPL-2.0)](https://github.com/61418/elhaz/blob/main/LICENSE).
## Contributing
Refer to the [contributing guidelines](https://github.com/61418/elhaz?tab=contributing-ov-file).