What is Cone?

A CLI, or command-line interface, is a text-based user interface that allows users to interact with a computer by typing commands. CLIs are popular with developers, system administrators, and security engineers because of the speed, control, and flexibility they offer.

We created the ConductorOne’s CLI, Cone, to bring the power of ConductorOne to the command line.

Why is it called Cone?

For informal use we like to shorten “ConductorOne” to “C1”. If you spell out the number … you get “Cone”!

What can I do with Cone?

Here are just a few of key ConductorOne tasks you can perform on the command line by using Cone.

Search for available entitlements

The search command displays all entitlements currently available to you from all applicable request catalogs:

$ cone search

Get access to an entitlement

The get command retrieves a specific entitlement using its alias:

$ cone get ${entitlement_alias}

For example:

$ cone get aws-prod-admin

This command will find an entitlement in ConductorOne with the alias aws-prod-admin. If you already have access to this entitlement, cone will exit successfully (exit status 0). However, if you don’t currently have access but the entitlement is available to you (in other words, it’s present in one of your request catalogs), cone will create an access request in ConductorOne and notify the necessary approvers. Based on the entitlement’s settings, the command may prompt you to enter a justification or length of access.

Once the request is approved, you’ll be able to access the entitlement.

Drop an entitlement

The drop command revokes a specific entitlement using its alias:

$ cone drop ${entitlement_alias}

For example:

$ cone drop aws-prod-admin

If you currently have access to this entitlement, cone will create a revocation request in the ConductorOne and, following any required review, deprovision the access. If you don’t have acccess to the entitlement, cone will exit successfully (exit status 0).