diff --git a/Taskfile.yml b/Taskfile.yml
index 72ca9ff..2e65e0b 100644
--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -71,7 +71,7 @@ tasks: docker run --rm -u {{.USER_ID}}:{{.GROUP_ID}} - -v $PWD/app:/app + -v $PWD:/app -w /app pyfound/black:latest_release black .
diff --git a/ansible/configuration.yml b/ansible/configuration.yml
index a4bdfb9..e49f5c7 100644
--- a/ansible/configuration.yml
+++ b/ansible/configuration.yml
@@ -10,6 +10,7 @@ nomie_port: "{{ base_port + 6 }}" nomie_db_port: "{{ base_port + 7 }}" gitea_port: "{{ base_port + 8 }}" + keycloak_port: "{{ base_port + 9 }}" vars_files: - vars/vars.yml
@@ -171,3 +172,24 @@
 USER_GID: '{{ uc_result.group }}'
 tags:
 - apps
+
+ - import_role:
+ name: docker-app
+ vars:
+ username: keycloak
+ extra_groups:
+ - docker
+ ssh_keys:
+ - '{{ lookup("file", "files/av_id_rsa.pub") }}'
+ env:
+ PROJECT_NAME: keycloak
+ DOCKER_PREFIX: keycloak
+ IMAGE_PREFIX: keycloak
+ CONTAINER_PREFIX: keycloak
+ WEB_SERVER_PORT: '127.0.0.1:{{ keycloak_port }}'
+ KEYCLOAK_ADMIN: '{{ keycloak.admin_login }}'
+ KEYCLOAK_ADMIN_PASSWORD: '{{ keycloak.admin_password }}'
+ USER_UID: '{{ uc_result.uid }}'
+ USER_GID: '{{ uc_result.group }}'
+ tags:
+ - apps
diff --git a/ansible/templates/Caddyfile.j2 b/ansible/templates/Caddyfile.j2
index 1eb5632..db359c4 100644
--- a/ansible/templates/Caddyfile.j2
+++ b/ansible/templates/Caddyfile.j2
@@ -62,3 +62,11 @@ git.vakhrushev.me {
 to 127.0.0.1:{{ gitea_port }}
 }
 }
+
+kk.vakhrushev.me {
+ tls anwinged@ya.ru
+
+ reverse_proxy {
+ to 127.0.0.1:{{ keycloak_port }}
+ }
+}
diff --git a/ansible/vars/vars.yml b/ansible/vars/vars.yml
index d75c062..791464b 100644
--- a/ansible/vars/vars.yml
+++ b/ansible/vars/vars.yml
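Review bot: In Taskfile.yml, the mount changes from `$PWD/app` to `$PWD`, so the container started from `pyfound/black:latest_release` now has write access to the entire checkout, including `ansible/` with the vault file and its `files/` directory, rather than only the application sources. `latest_release` is a moving tag, so what runs against the repository can change between invocations; pinning the image to a version tag or digest, e.g. `pyfound/black:<pinned-version>`, and keeping the mount as narrow as the code being formatted would bound that. The task definition starts and ends outside the hunk.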
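Review bot: In the second ansible/configuration.yml hunk, the `env:` block of the new keycloak role keeps `KEYCLOAK_ADMIN_PASSWORD` in the deployed environment permanently, although Keycloak reads `KEYCLOAK_ADMIN`/`KEYCLOAK_ADMIN_PASSWORD` only to create the initial admin when none exists yet. How the `docker-app` role stores `env` is not visible here; presumably it is rendered to a file on the host, and the value is also readable through `docker inspect` by any account in the `docker` group, which this role grants to the `keycloak` user. I would add a comment above the two lines, `# bootstrap only: create a personal admin, then remove this account and these two variables`, and confirm that the rendered env file is mode 0600.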
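Review bot: In ansible/templates/Caddyfile.j2, the new `kk.vakhrushev.me` site forwards every path to Keycloak, so the admin console and the admin REST API are reachable from the internet together with the login endpoints. Keycloak's reverse-proxy guidance is to expose only the paths clients need (`/realms/`, `/resources/`, and `/js/` where used) and to keep `/admin/` and `/metrics` off the public listener. If the console has to stay on this host, a matcher that limits `/admin*` to known source addresses ahead of the `reverse_proxy` block would narrow who can reach it; docker-compose.prod.yml in this commit sets `KC_HOSTNAME_ADMIN_URL` to the same public URL, so the two would need to change together.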
@@ -1,26 +1,30 @@ $ANSIBLE_VAULT;1.1;AES256 -64633761653833666663633233393164376238316564663434623333333738393637313836353831 -6165306432626631303432376563326631616262393964640a333936663761353763386563316337 -64646531343532393430663066336564353464393465386337656132363361396435363266666462 -3032346163626366300a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a373130323236646165643930303838 +30626361316164373263353838636134663966323337323262386664663066373935313366643037 +3435363363663737640a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
diff --git a/app/keycloak/.env b/app/keycloak/.env
new file mode 100644
index 0000000..8d871f4
--- /dev/null
+++ b/app/keycloak/.env
@@ -0,0 +1,5 @@
+WEB_SERVER_PORT=9595
+KEYCLOAK_ADMIN=admin
+KEYCLOAK_ADMIN_PASSWORD=password
+USER_UID=1000
+USER_GID=1000
diff --git a/app/keycloak/.gitignore b/app/keycloak/.gitignore
new file mode 100644
index 0000000..8fce603
--- /dev/null
+++ b/app/keycloak/.gitignore
@@ -0,0 +1 @@
+data/
diff --git a/app/keycloak/docker-compose.prod.yml b/app/keycloak/docker-compose.prod.yml
new file mode 100644
index 0000000..6d32b59
--- /dev/null
+++ b/app/keycloak/docker-compose.prod.yml
@@ -0,0 +1,24 @@
+version: "3"
+
+# Images: https://quay.io/repository/keycloak/keycloak?tab=tags&tag=latest
+# Configuration: https://www.keycloak.org/server/all-config
+
+# NB
+# - На проде были проблемы с правами к директории data, пришлось выдать 777
+# - Переменную KC_HOSTNAME_ADMIN_URL нужно указать вместе с KC_HOSTNAME_URL, иначе будут ошибки 403
+
+services:
+
+ keycloak:
+ image: quay.io/keycloak/keycloak:24.0.4
+ command: ["start-dev"]
+ restart: unless-stopped
+ environment:
+ KEYCLOAK_ADMIN: "${KEYCLOAK_ADMIN}"
+ KEYCLOAK_ADMIN_PASSWORD: "${KEYCLOAK_ADMIN_PASSWORD}"
+ KC_HOSTNAME_URL: "https://kk.vakhrushev.me"
+ KC_HOSTNAME_ADMIN_URL: "https://kk.vakhrushev.me"
+ ports:
+ - "${WEB_SERVER_PORT}:8080"
+ volumes:
+ - "./data:/opt/keycloak/data"
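Review bot: In app/keycloak/.env, `WEB_SERVER_PORT=9595` carries no bind address, so the `"${WEB_SERVER_PORT}:8080"` mapping in both compose files publishes Keycloak on every interface of the machine, guarded only by the `admin`/`password` account from the same file. The Ansible role in this commit already uses the loopback form, and the default could match it: `WEB_SERVER_PORT=127.0.0.1:9595`. The sibling .gitignore excludes only `data/`, so this file is tracked; a one-line comment marking the values as local-development defaults that the deployed environment overrides would keep them from being reused. Whether `deploy` copies this file to the server is not visible in this diff.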
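Review bot: The production compose file app/keycloak/docker-compose.prod.yml starts Keycloak with `command: ["start-dev"]`, which is the development mode: it serves plain HTTP, relaxes hostname checks, turns off theme and template caching, and, with no `KC_DB` set, keeps realms and credentials in the embedded H2 file under `./data`. Since TLS is terminated by Caddy, the production form would be `command: ["start"]` with `KC_HTTP_ENABLED: "true"` and `KC_PROXY_HEADERS: "xforwarded"` added under `environment`, ideally with an external database. The NB comment records that `data` was made 777 on the server, which leaves that credential store writable by every local account; `USER_UID`/`USER_GID` are passed in by Ansible but never used in this file, so adding `user: "${USER_UID}:${USER_GID}"` to the service should let the directory go back to 700. The same `start-dev` line in docker-compose.yml is appropriate for local use.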
diff --git a/app/keycloak/docker-compose.yml b/app/keycloak/docker-compose.yml
new file mode 100644
index 0000000..47ed88a
--- /dev/null
+++ b/app/keycloak/docker-compose.yml
@@ -0,0 +1,18 @@
+version: "3"
+
+# Images: https://quay.io/repository/keycloak/keycloak?tab=tags&tag=latest
+# Configuration: https://www.keycloak.org/server/all-config
+
+services:
+
+ keycloak:
+ image: quay.io/keycloak/keycloak:24.0.4
+ command: ["start-dev"]
+ restart: unless-stopped
+ environment:
+ KEYCLOAK_ADMIN: "${KEYCLOAK_ADMIN}"
+ KEYCLOAK_ADMIN_PASSWORD: "${KEYCLOAK_ADMIN_PASSWORD}"
+ ports:
+ - "${WEB_SERVER_PORT}:8080"
+ volumes:
+ - "./data:/opt/keycloak/data"
diff --git a/app/tasks.py b/tasks.py
similarity index 79%
rename from app/tasks.py
rename to tasks.py
index 9c86e8d..0a6a0ac 100644
--- a/app/tasks.py
+++ b/tasks.py
@@ -3,7 +3,7 @@ import shlex import fabric from invoke import task -SERVER_HOST_FILE = "../ansible/hosts_prod" +SERVER_HOST_FILE = "ansible/hosts_prod" DOKER_REGISTRY = "cr.yandex/crplfk0168i4o8kd7ade"
@@ -17,6 +17,11 @@ def deploy_wiki(context): deploy("wiki") + +@task(name="deploy:keycloak") +def deploy_wiki(context): + deploy("keycloak", compose_file="docker-compose.prod.yml", dirs=["data"]) + + def read_host(): with open(SERVER_HOST_FILE) as f: return f.read().strip()
@@ -26,8 +31,8 @@ def ssh_host(app_name): return f"{app_name}@{read_host()}" -def deploy(app_name: str, dirs=None): - docker_compose = os.path.join(app_name, "docker-compose.yml") +def deploy(app_name: str, compose_file="docker-compose.yml", dirs=None): + docker_compose = os.path.join("app", app_name, compose_file) assert os.path.exists(docker_compose) conn_str = ssh_host(app_name) dirs = dirs or []
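Review bot: In the second tasks.py hunk, the new `deploy:keycloak` task is defined as `def deploy_wiki(context):`, the same function name as the existing wiki task directly above it. The second definition rebinds the module attribute, and because invoke builds its collection from the Task objects found in the module namespace, the `deploy:wiki` task is most likely no longer registered after this change. Renaming the new function avoids that: `def deploy_keycloak(context):`.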
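Review bot: In the last tasks.py hunk, `compose_file` is inserted ahead of `dirs` in the signature of `deploy`, so a caller that passes `dirs` positionally would now have its list used as the compose file name; the other callers are outside this diff. Appending the new parameter keeps them working: `def deploy(app_name: str, dirs=None, compose_file="docker-compose.yml"):`. The existence check on the following line is an `assert`, which is skipped under `python -O`; `if not os.path.exists(docker_compose): raise FileNotFoundError(docker_compose)` stops the deploy in both modes. The body of `deploy` continues past the end of the hunk.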