I've been using elhaz (https://github.com/61418/elhaz) to manage AWS creds locally, and also experimenting with sandboxed (e.g. dangerously-skip-permissions) agents using Docker. The nice thing is that you can use a single Unix socket to expose agent-specific creds rather than dealing with files or environment variables.