diff --git a/employment-tasks/devops/notbad-task/README.md b/employment-tasks/devops/notbad-task/README.md
index 7da5038ca..4d7e27ab2 100644
--- a/employment-tasks/devops/notbad-task/README.md
+++ b/employment-tasks/devops/notbad-task/README.md
@@ -16,16 +16,7 @@ You need at least:
 ## The tasks
 1) We have a Terraform securitygroups.tf file. Every time Terraform runs, it says the security group in that file will be updated in place. Find a way to prevent this.  
 
-2) Get the keycloak-test.tar.gz archive. What we can improve?
-
-**2.1 Pull the archive from S3 bucket via `wget`**
-
-```bash
-wget https://lookinlabs-contribution-data.s3.eu-west-1.amazonaws.com/keycloak-test.tar.gz
-```
-
-**2.2 Find what can be improved in `keycloak-test.tar.gz`**
-
+2) Look into keycloak folder. What can be improved?
     
 3) Provide infrastructure and create CI/CD with a web app that will listen to 8089 port and return "ReallyNotBad" string when POST request contains header "NotBad" with value "true", eg. `curl -X POST -H "NotBad: true" https://someurl:8089/` should return "ReallyNotBad".
 Use any technology you want to deploy the application to AWS. It can be Ansible, Terraform, etc. or a combination of some of them.
diff --git a/employment-tasks/devops/notbad-task/keycloak/.gitignore b/employment-tasks/devops/notbad-task/keycloak/.gitignore
new file mode 100644
index 000000000..4c49bd78f
--- /dev/null
+++ b/employment-tasks/devops/notbad-task/keycloak/.gitignore
@@ -0,0 +1 @@
+.env
diff --git a/employment-tasks/devops/notbad-task/keycloak/README.md b/employment-tasks/devops/notbad-task/keycloak/README.md
new file mode 100644
index 000000000..5f63126e3
--- /dev/null
+++ b/employment-tasks/devops/notbad-task/keycloak/README.md
@@ -0,0 +1,6 @@
+# alpeso-test
+alpeso-test
+
+## How-to use
+
+Simple run ```./keycloack.sh test test1``` where test = keycloak user id and test1 = keycloak client secret.
diff --git a/employment-tasks/devops/notbad-task/keycloak/keycloak.sh b/employment-tasks/devops/notbad-task/keycloak/keycloak.sh
new file mode 100755
index 000000000..3eadf9ef5
--- /dev/null
+++ b/employment-tasks/devops/notbad-task/keycloak/keycloak.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+CLIENTID=$1
+CLIENTSECRET=$2
+
+TOKEN=$(curl -k -H "Content-Type: application/x-www-form-urlencoded" -H "Authorization: Basic $(echo -n ${CLIENTID}:${CLIENTSECRET} | base64 )" --data "grant_type=client_credentials" "http://mydomain.com/auth/realms/myrealm/protocol/openid-connect/token" -s | jq -r .access_token)
+
+echo $TOKEN