> ## Documentation Index
> Fetch the complete documentation index at: https://www.c1.ai/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Install Cone, the C1 CLI

> C1's CLI brings key access request workflows to the command line.

## What is Cone?

A CLI, or command-line interface, is a text-based user interface that allows users to interact with a computer by typing commands. CLIs are popular with developers, system administrators, and security engineers because of the speed, control, and flexibility they offer.

We created the C1's CLI, **Cone**, to bring the power of C1 to the command line.

<Tip>
  If you're building automation, scripts, or AI agent workflows, C1 also provides [c1i](/product/cli/c1i) — a separate CLI designed for machine-readable output and broad API access.
</Tip>

## Why is it called Cone?

Our product name is C1 — spell out the "1" and you get "C-one". Cone!

## What can I do with Cone?

Here are just a few of key C1 tasks you can perform on the command line by using Cone.

### Search for available entitlements

The `search` command displays all entitlements currently available to you from all applicable access profiles:

```shell theme={"theme":{"light":"css-variables","dark":"css-variables"}}
cone search
```

### Get access to an entitlement

The `get` command retrieves a specific entitlement using its alias:

```shell theme={"theme":{"light":"css-variables","dark":"css-variables"}}
cone get ${entitlement_alias}
```

For example:

```shell theme={"theme":{"light":"css-variables","dark":"css-variables"}}
cone get aws-prod-admin
```

This command will find an entitlement in C1 with the alias `aws-prod-admin`. If you already have access to this entitlement, `cone` will exit successfully (exit status 0). However, if you don't currently have access but the entitlement is available to you (in other words, it's present in one of your access profiles), `cone` will create an access request in C1 and notify the necessary approvers. Based on the entitlement's settings, the command may prompt you to enter a justification or length of access.

Once the request is approved, you'll be able to access the entitlement.

### Drop an entitlement

The `drop` command revokes a specific entitlement using its alias:

```shell theme={"theme":{"light":"css-variables","dark":"css-variables"}}
cone drop ${entitlement_alias}
```

For example:

```shell theme={"theme":{"light":"css-variables","dark":"css-variables"}}
cone drop aws-prod-admin
```

If you currently have access to this entitlement, `cone` will create a revocation request in the C1 and, following any required review, deprovision the access. If you don't have acccess to the entitlement, `cone` will exit successfully (exit status 0).

### Use Cone with AWS SSO

If your organization uses AWS IAM Identity Center, Cone can request and retrieve AWS credentials directly from the AWS CLI. See [Use Cone with AWS SSO](/product/how-to/cone-aws-sso-integration) for setup instructions.

## Supported operating systems

C1 provides `cone` binaries for popular operating systems including macOS, Windows, and Linux on the x86 and ARM platforms. If your platform is not listed, please [contact us](mailto:support@c1.ai) or build from source.

## Install Cone

To install `cone`, use one of the following two methods:

* [Download the latest release from GitHub](https://github.com/conductorone/cone/releases).

* Install via [Homebrew](https://brew.sh/). If you have Homebrew installed on your system, you can use the following command to install `cone`:

```shell theme={"theme":{"light":"css-variables","dark":"css-variables"}}
brew install conductorone/cone/cone
```

## Authorize Cone

To authorize `cone`:

<Steps>
  <Step>
    Run `cone login <tenant-name or tenant-url>`, passing in the name (such as `example.conductor.one`) or URL (such as `https://example.conductor.one`) of your C1 instance.
  </Step>

  <Step>
    A new browser window opens with an authorization message and code. Review the authorization code against the code shown in your terminal and click **Authorize**. Once you see the **Cone has been authorized** message, it's safe to close this browser tab.
  </Step>

  <Step>
    Cone generates an API key for you, and then creates a config file at `$HOME/<user name>/.conductorone/config.yaml` to store and access your credentials and user-specific data.
  </Step>
</Steps>

**Done.** You're ready to start using `cone`. Check out the [Cone command reference](/product/cli/commands) for an overview of all available commands, subcommands, and flags.

## View and manage your API key

If needed, you can view your API key and its `client-id`. Go to your username in the C1 app and click **API keys**. You'll see an API key named "Created by Cone".

On the **API keys** page, you can also generate a new API key for yourself, with the option of limiting its duration, source IPs, and scope. Go to [Create a personal API key](/conductorone-api/api#create-a-personal-api-key) for instructions.

## Working with the configuration file

The configuration file generated by `cone` during the authorization process file is in YAML format and is primarily used for storing profile details. Here's an example configuration file:

```yaml theme={"theme":{"light":"css-variables","dark":"css-variables"}}
profiles:
  default:
    client-id: <Your-Client-ID-Goes-Here>
    client-secret: <Your-Client-Secret-Goes-Here>
```

You can add multiple profiles to the configuration file by adding another key to the profiles map, and `cone` will use this profile when the `$CONE_PROFILE` environment variable or `--profile` command line flag are passed to the tool.