Tolmo is a command-line interface for the Tolmo cloud security platform. It gives your team a single tool to query infrastructure graphs, manage security findings, and proxy requests to connected services — all authenticated through your organization’s backend. This page explains what Tolmo does, who it’s designed for, and how it fits into your security workflow.
What is Tolmo?
Tolmo is a unified CLI that bridges your terminal to the Tolmo cloud security platform. Instead of juggling separate credentials and dashboards for each service, you work through a single interface backed by server-side credential resolution. With Tolmo you can write SQL and Cypher queries against your organization’s infrastructure data, create and triage security findings, and send proxied requests to integrated services like GitHub, AWS, Linear, Sentry, and Datadog — without ever touching the underlying API credentials yourself. Access is scoped to your organization, and named profiles let you switch between environments without re-authenticating. Tolmo is built for security engineers, platform teams, and developers who want scriptable, automatable access to their organization’s security posture from the command line.
Key capabilities
SQL & Cypher Queries
Run SQL queries against the organization database and Cypher queries against the infrastructure graph. Use temporal fields like firstSeenAt and lastSeenAt to track resource changes over time.
Security Findings
Create, update, triage, and delete security findings with full lifecycle management — severity levels, visibility controls, status transitions, and an audit trail of every status change.
Connected Service Proxying
Send proxied REST and GraphQL requests to GitHub, AWS, Linear, Sentry, and Datadog through the backend. The platform resolves credentials server-side so they never reach your machine.
Repository Management
List and clone repositories from your organization’s storage. Supports GitHub and GitLab URLs, subdirectory clones, and bulk clone operations.
Threat Models
List threat model pipeline runs, download the latest run or a specific scan, and retrieve individual pipeline steps for detailed analysis.
Datadog Monitors
Create, update, and delete Datadog monitors that the platform manages on behalf of your org. Every monitor is tagged managed-by:tolmo and credentials are stored securely in the backend — they never reach your machine.
Agent Skills Integration
Install the Tolmo skill into Claude Code and other agent directories with tolmo skill install. Configure OTEL telemetry for Claude Code tool calls and assistant messages via tolmo setup claude-code.
Organization Management
List all organizations you have access to and switch your active organization with tolmo org switch. Override the active org for any single command using the --org flag.
How it works
When you run a Tolmo command, the CLI authenticates your request against the Tolmo backend using a stored profile or environment-variable token. The backend then resolves any third-party credentials — GitHub App tokens, AWS role credentials, Datadog API keys — from its own encrypted store and proxies the request on your behalf. Those credentials never leave the backend, so you never need to configure them locally. Access is organized around organizations. Each profile is tied to an organization slug, and every query, finding, or proxy call runs in that organization’s context. You can override the active organization for a single command with --org <slug>, or maintain separate named profiles for different orgs and environments (production, staging, and so on).
Named profiles are stored in ~/.tolmo/ and selected via the --profile flag or the TOLMO_PROFILE environment variable. In CI/CD pipelines you can skip profiles entirely and authenticate using TOLMO_API_TOKEN and TOLMO_ORG_SLUG environment variables.
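The two authentication paths described above still leave one secret on the client side: the Tolmo token itself, either in TOLMO_API_TOKEN or in a profile under ~/.tolmo/. The following is an added example, not part of the Tolmo CLI or its documentation: two hypothetical shell helpers that check a CI job's environment and a workstation's profile directory before any tolmo command runs. It assumes profile files hold authentication material and treats setting both a profile and a token as an error, because this page does not state which one takes precedence.

```sh
#!/bin/sh
# Added example; both functions are hypothetical helpers, not Tolmo commands.

# CI preflight for token authentication. Returns 0 when the job may proceed.
tolmo_ci_preflight() {
    # Check tracing first: with xtrace on, every later line that expands the
    # token (including the tests below) would be written to the build log.
    case $- in
        *x*) echo "preflight: shell tracing (set -x) is enabled" >&2; return 4 ;;
    esac
    # Fail closed when either variable named on this page is missing or empty.
    if [ -z "${TOLMO_API_TOKEN:-}" ]; then
        echo "preflight: TOLMO_API_TOKEN is not set" >&2; return 2
    fi
    if [ -z "${TOLMO_ORG_SLUG:-}" ]; then
        echo "preflight: TOLMO_ORG_SLUG is not set" >&2; return 3
    fi
    # Local policy (assumption): the page does not say whether a profile or the
    # token wins when both are configured, so refuse the ambiguous combination.
    if [ -n "${TOLMO_PROFILE:-}" ]; then
        echo "preflight: TOLMO_PROFILE is set alongside TOLMO_API_TOKEN" >&2; return 5
    fi
    return 0
}

# Workstation check: nothing under the profile directory is group/world accessible.
# Assumes profile files hold authentication material. $1 overrides the directory.
tolmo_profiles_private() {
    dir=${1:-"$HOME/.tolmo"}
    [ -d "$dir" ] || return 0          # no stored profiles, nothing to expose
    # POSIX find: -perm -NNN is true when that bit is set; test each group/other bit.
    loose=$(find "$dir" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$loose" ]; then
        echo "profiles: group/other access on:" >&2
        echo "$loose" >&2
        return 1
    fi
    return 0
}
```

Call tolmo_ci_preflight as the first step of a pipeline job and stop the job on any non-zero return; run tolmo_profiles_private on developer machines where named profiles are in use.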
Next steps
Install Tolmo
Install the CLI via Homebrew, the install script, or a Debian package on macOS or Linux.
Authenticate
Log in with the browser-based OAuth flow, set up named profiles, or configure environment variables for CI/CD.