Metadata-Version: 2.4
Name: elhaz
Version: 0.5.1
Summary: A local daemon-backed AWS temporary credential broker, exposed over a Unix socket and controlled via CLI.
Project-URL: Changelog, https://github.com/61418/elhaz/blob/main/CHANGELOG.md
Project-URL: Documentation, https://61418.io/elhaz
Project-URL: Issues, https://github.com/michaelthomasletts/elhaz/issues
Project-URL: Repository, https://github.com/michaelthomasletts/elhaz
Author-email: Mike Letts <michael@61418.io>
Maintainer-email: 61418 <general@61418.io>
License: MPL-2.0
License-File: LICENSE
Keywords: aws,cli,credentials,refresh,sts
Classifier: Development Status :: 5 - Production/Stable
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: Information Technology
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: Mozilla Public License 2.0 (MPL 2.0)
Classifier: Natural Language :: English
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3 :: Only
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Programming Language :: Python :: 3.14
Classifier: Topic :: Security
Classifier: Topic :: Terminals
Classifier: Topic :: Utilities
Requires-Python: >=3.10
Requires-Dist: boto3-refresh-session==10.0.6
Requires-Dist: pydantic>=2.12.5
Requires-Dist: pygments>=2.19.2
Requires-Dist: questionary>=2.1.1
Requires-Dist: ruamel-yaml>=0.19.1
Requires-Dist: typer>=0.24.1
Description-Content-Type: text/markdown

<p align="center">
  <img 
    src="https://raw.githubusercontent.com/61418/elhaz/refs/heads/main/docs/_static/transparent_header_elhaz.png" 
    alt="elhaz" 
  />
</p>

</br>

<div align="center">

  <a href="https://pypi.org/project/elhaz/">
    <img 
      src="https://img.shields.io/pypi/v/elhaz?color=7d8450&logo=python&label=Latest%20Version&labelColor=%23474749"
      alt="pypi_version"
    />
  </a>

  <a href="https://pypi.org/project/elhaz/">
    <img 
      src="https://img.shields.io/pypi/pyversions/elhaz?style=pypi&color=7d8450&logo=python&label=Compatible%20Python%20Versions&labelColor=%23474749" 
      alt="py_version"
    />
  </a>

  <a href="https://github.com/61418/elhaz/actions/workflows/push.yml">
    <img 
      src="https://img.shields.io/github/actions/workflow/status/61418/elhaz/push.yml?logo=github&color=7d8450&label=Build&labelColor=%23474749" 
      alt="workflow"
    />
  </a>

  <a href="https://github.com/61418/elhaz/actions/workflows/codeql.yml">
    <img 
      src="https://img.shields.io/github/actions/workflow/status/61418/elhaz/codeql.yml?logo=github&color=7d8450&label=CodeQL&labelColor=%23474749" 
      alt="codeql"
    />
  </a>

  <a href="https://github.com/61418/elhaz/commits/main">
    <img 
      src="https://img.shields.io/github/last-commit/61418/elhaz?logo=github&color=7d8450&label=Last%20Commit&labelColor=%23474749" 
      alt="last_commit"
    />
  </a>

  <a href="https://61418.io/elhaz">
    <img 
      src="https://img.shields.io/badge/Official%20Documentation-📘-7d8450?style=flat&labelColor=%23474749&logo=readthedocs" 
      alt="documentation"
    />
  </a>

  <a href="https://github.com/61418/elhaz">
    <img 
      src="https://img.shields.io/badge/Source%20Code-💻-7d8450?style=flat&labelColor=%23474749&logo=github" 
      alt="github"
    />
  </a>

  <a href="https://github.com/61418/elhaz/blob/main/LICENSE">
    <img 
      src="https://img.shields.io/static/v1?label=License&message=MPL-2.0&color=7d8450&labelColor=%23474749&logo=github&style=flat"
      alt="license"
    />
  </a>

<a href="https://pepy.tech/projects/elhaz">
  <img
    src="https://img.shields.io/endpoint?url=https%3A%2F%2Fmichaelthomasletts.github.io%2Fpepy-stats%2Felhaz.json&style=flat&logo=python&labelColor=%23474749&color=7d8450"
    alt="downloads"
  />
</a>  

</div>

</br>

## What is elhaz?

elhaz is a local daemon-backed AWS temporary credential broker, exposed over a Unix socket and controlled via CLI.

Instead of a locally hosted HTTP metadata emulation service (ECS), which is less secure and requires multiple processes for each assumed RoleArn, elhaz runs a single process and serves automatically refreshed temporary AWS credentials on demand. 

elhaz caches AWS sessions for however long the daemon is kept alive (or sessions are removed by command), which eliminates redundant session creations and STS calls. 

Unix-socket IPC is lightweight and gives a tighter local boundary than HTTP, avoids exposing local credential endpoints over TCP, and allows temporary credentials to live in memory rather than at rest on disk.

Crucially, because elhaz uses [boto3-refresh-session](https://github.com/61418/boto3-refresh-session) as its core dependency for refreshing temporary AWS security credentials, which in turn depends on botocore, [elhaz supports IAM Identity Center (SSO)](https://61418.io/elhaz/concepts/identitycenter.html) using the AWS CLI.

**elhaz makes multi-role local AWS workflows cleaner by combining brokered access, in-memory caching, IAM Identity Center (SSO) support, and host-local IPC into one model.**

elhaz was authored by [Mike Letts](https://github.com/michaelthomasletts) and is maintained by [61418](https://github.com/61418).

## Installation

With `uv`:

```bash
uv tool install elhaz
```

With `pipx`:

```bash
pipx install elhaz
```

## Usage

To get started with using elhaz, check the [quickstart guide](https://61418.io/elhaz/quickstart.html).

To learn critical concepts for using elhaz, check the [concepts section](https://61418.io/elhaz/concepts/index.html) of the docs.

For technical details, check the [CLI docs](https://61418.io/elhaz/cli/index.html).

## License

elhaz is licensed by the [Mozilla Public License 2.0 (MPL-2.0)](https://github.com/61418/elhaz/blob/main/LICENSE).

## Contributing

Refer to the [contributing guidelines](https://github.com/61418/elhaz?tab=contributing-ov-file).