We consider Bitwarden as a passwords keeper for our project with the main goal to have an ability to have separated access to secrets by user roles and/or ACLs.
I.e. Pass or KeePass are good for self-usage by one person but they have no main things – a normal web-interface and role-based access to data. There are 1Password/LastPass of course, but they keep data on their own servers which is not too good for me.
Bitwarden is Opensource and can be used as a Cloud-based version or can be installed on your own server.
It has personal Free-version and paid with additional features.
Besides the personal usage, it can be used for Business with user roles – will try it later.
The home page is here>>>.
The main things I did like in Bitwarden:
- has desktop applications for для Linux, macOS, Windows
- all browsers extensions
- applications for Android and iOS
- RESTful API (in Enterprise version), i.e. theoretically can be used from Jenkins to populate its secrets
- has CLI utilities
- MFA authorization
- roles/groups based access (Enterprise version)
- File Storage
- data import from other passwords managers (Chrome, KeePass, 1Password etc)
Quick installation documentation available here here>>> and full – here>>>.
In this post, Bitwarden will be installed on an AWS EC2 instance with additional EBS volume mounted to /bitwarden where Bitwarden will store its data and which will be backed up by AWS Data Lifecycle Manager.
On the EC2 will have NGINX running as a frontend and SSL sessions with a certificate from Let’s Encrypt will be terminated here.
Although Bitwarden is running in a Docker Compose stack with its own NGINX and Let’s Encrypt certificates support – I’ll do it in a more traditional way, i.e. NGINX on a host will proxy requests to the NGINX in the Bitwarden’s stack, and this NGINX in its turn will proxy requests to its internal services.
Contents
- AWS
- Creating EC2
- Creating EBS
- Security Group
- Mounting EBS
- DNS
- The host’s set up
- Let’s Encrypt
- NGINX
- Docker and Docker Compose
- Bitwarden installation
- Bitwarden configuration
- Email configuration
- Registration in the Bitwarden
- Bitwarden Admin and users
- Users settings
- Working with Bitwarden
- Chrome plugin
- Linux desktop
- Import from KeePass
- Multi-factor authorization
- Backuping and restoring Bitwarden storage
AWS
Creating EC2
Will use Debian here. AMIs can be found here>>>.
At first, I started t3.nano but this wasn’t enough – an instance just hangs up after starting Bitwarden which is not surprising knowing that fact that it uses MSSQL and has 9 containers running. And Bitwarden itself is Bitwarden is .NET application written in C#.
Run an EC2 with the t3.medium type:
$ aws --profile bm-backend ec2 run-instances --region eu-west-1 --image-id ami-01820e22b83de8d0d --key-name setevoy-testing --instance-type t3.medium --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=bitwarden-dev}]' Get its Availability Zone:
$ aws --profile bm-backend ec2 describe-instances --region eu-west-1 --filters "Name=tag:Name,Values=bitwarden-dev" --query "Reservations[\*].Instances[\*].[Placement.AvailabilityZone]" --output text eu-west-1a Creating EBS
Create an EBS volume (by default the standard i.e. HDD will be used, if you want to have SSD – add --volume-type gp2):
$ aws --profile bm-backend ec2 create-volume --region eu-west-1 --availability-zone eu-west-1a --size 5 --tag-specifications 'ResourceType=volume,Tags=[{Key=Name,Value=bitwarden-dev-ebs}]' Here we set the same region (--region eu-west-1) and the same Availability Zone (--availability-zone eu-west-1a) where the ЕС2 was started and the disk size is 5 GiB.
Get this EBS ID:
$ aws --profile bm-backend ec2 describe-volumes --region eu-west-1 --filters "Name=tag:Name,Values=bitwarden-dev-ebs" --query "Volumes[\*].VolumeId" --output text vol-0621e68897eb2a3d8 And ID of the EC2:
$ aws --profile bm-backend ec2 describe-instances --region eu-west-1 --filters "Name=tag:Name,Values=bitwarden-dev" --query "Reservations[\*].Instances[\*].InstanceId" --output text i-0ac18e298768e2c4b Attach this EBS to the EC2:
$ aws --profile bm-backend ec2 attach-volume --region eu-west-1 --volume-id vol-0621e68897eb2a3d8 --instance-id i-0ac18e298768e2c4b --device xvdb Security Group
Create a Security Group – here via WebUI to make it quickly.
During creating this SG pay attention on a VPC ID – must be the same as used for your EC2:
Allow access to the 80 port from anywhere to make Let’s Encrypt authorization working.
443 and 22 ports allowed from our office only.
Attache this SG to the EC2 – Networking > Change Security Group:
Mounting EBS
Log in to the server:
$ ssh admin@34.240.14.78 -i setevoy-testing-eu-west-1.pem Check disks:
$ admin@ip-172-31-36-249:~$ lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT nvme0n1 259:0 0 8G 0 disk └─nvme0n1p1 259:1 0 8G 0 part / nvme1n1 259:2 0 5G 0 disk nvme1n1 is our EBS.
Create /bitwarden directory:
admin@ip-172-31-36-249:~$ sudo -s root@ip-172-31-36-249:/home/admin# mkdir /bitwarden Create a partition on the /dev/nvme1n1:
root@ip-172-31-36-249:/home/admin# sgdisk -n 1 /dev/nvme1n1 Creating new GPT entries. The operation has completed successfully. Create a file system:
root@ip-172-31-36-249:/home/admin# mkfs.ext4 /dev/nvme1n1p1 Check partitions now:
root@ip-172-31-36-249:/home/admin# fdisk /dev/nvme1n1 ... Device Start End Sectors Size Type /dev/nvme1n1p1 2048 10485726 10483679 5G Linux filesystem Mount it to the /bitwarden:
root@ip-172-31-36-249:/home/admin# mount /dev/nvme1n1p1 /bitwarden/ root@ip-172-31-36-249:/home/admin# ls -l /bitwarden/ total 16 drwx------ 2 root root 16384 Apr 30 10:15 lost+found Get partition’s ID:
root@ip-172-31-36-249:/home/admin# blkid /dev/nvme1n1p1 /dev/nvme1n1p1: UUID="5e3972d4-c742-4224-80d6-8239e5201ae1" TYPE="ext4" PARTUUID="929f264c-ac03-4f9f-9071-056c1511de0e" Using this UUID add a new mount point to the /etc/fstab with the --nofail option:
root@ip-172-31-36-249:/home/admin# cat /etc/fstab UUID=3866caa4-0449-4478-899b-60eb6f71dd26 / ext4 rw,discard,errors=remount-ro 0 1 UUID="5e3972d4-c742-4224-80d6-8239e5201ae1" /bitwarden ext4 nofail 0 0 Unmount partition mounted manually:
root@ip-172-31-36-249:/home/admin# umount /bitwarden/ And mount it back using fstab:
root@ip-172-31-36-249:/home/admin# mount -a Check:
root@ip-172-31-36-249:/home/admin# findmnt /bitwarden/ TARGET SOURCE FSTYPE OPTIONS /bitwarden /dev/nvme1n1p1 ext4 rw,relatime,data=ordered Can reboot instance now to check mount works properly now.
Also, install all updates:
root@ip-172-31-36-249:/home/admin# apt update && apt -y upgrade && reboot DNS
Create a domain name to be used:
The host’s set up
Let’s Encrypt
Install client:
root@ip-172-31-36-249:/home/admin# apt install -y git root@ip-172-31-36-249:/home/admin# git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt Get a certificate using standalone authenticator:
root@ip-172-31-36-249:/home/admin# /opt/letsencrypt/letsencrypt-auto certonly -d dev.bitwarden.setevoy.org.ua Saving debug log to /var/log/letsencrypt/letsencrypt.log How would you like to authenticate with the ACME CA? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: Spin up a temporary webserver (standalone) 2: Place files in webroot directory (webroot) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1 Plugins selected: Authenticator standalone, Installer None Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): admin@example.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel: A - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: N Obtaining a new certificate Performing the following challenges: http-01 challenge for dev.bitwarden.setevoy.org.ua Waiting for verification... Cleaning up challenges IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/dev.bitwarden.setevoy.org.ua/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/dev.bitwarden.setevoy.org.ua/privkey.pem ... NGINX
Install NGINX:
root@ip-172-31-36-249:/home/admin# apt -y install nginx Generate a key for the SSL:
root@ip-172-31-36-249:/home/admin# openssl dhparam -out /etc/nginx/dhparams.pem 2048 Add a virtual host’s config – /etc/nginx/conf.d/dev.bitwarden.setevoy.org.ua.conf:
server { listen 80; server_name dev.bitwarden.setevoy.org.ua; # Lets Encrypt Webroot location ~ /.well-known { root /var/www/html; allow all; } location / { # office1 allow 194.***.***.24/29; # office2 allow 91.***.***.78/32; # arseny home allow 188.***.***.48/32; deny all; return 301 https://dev.bitwarden.setevoy.org.ua; } } server { listen 443 ssl; server_name dev.bitwarden.setevoy.org.ua; root /var/www/html; access_log /var/log/nginx/dev.bitwarden.setevoy.org.ua-access.log; error_log /var/log/nginx/dev.bitwarden.setevoy.org.ua-error.log warn; # office1 allow 194.***.***.24/29; # office2 allow 91.***.***.78/32; # arseny home allow 188.***.***.48/32; deny all; ssl_certificate /etc/letsencrypt/live/dev.bitwarden.setevoy.org.ua/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/dev.bitwarden.setevoy.org.ua/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_dhparam /etc/nginx/dhparams.pem; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; ssl_session_timeout 1d; ssl_stapling on; ssl_stapling_verify on; location / { proxy_pass http://localhost:8000/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; client_max_body_size 0; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; add_header Referrer-Policy "same-origin"; } } Check its syntax and reload configs:
root@ip-172-31-36-249:/home/admin# nginx -t && systemctl reload nginx nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful Check:
root@ip-172-31-36-249:/home/admin# curl -vL dev.bitwarden.setevoy.org.ua ... * Connected to dev.bitwarden.setevoy.org.ua (34.240.14.78) port 80 (#0) < HTTP/1.1 301 Moved Permanently ... < Location: https://dev.bitwarden.setevoy.org.ua ... curl: (7) Failed to connect to dev.bitwarden.setevoy.org.ua port 443: Connection timed out All good.
Connection timed out – as we have no backend running yet.
Docker and Docker Compose
To run Bitwarden need to have Docker and Docker Compose – install them.
Docker:
root@ip-172-31-36-249:/home/admin# curl -L get.docker.com | bash Check:
root@ip-172-31-36-249:/home/admin# docker -v Docker version 18.09.5, build e8ff056dbc Add the admin user to the docker group:
root@ip-172-31-36-249:/home/admin# usermod -aG docker admin Install Docker Compose:
root@ip-172-31-36-249:/home/admin# curl -L "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose root@ip-172-31-36-249:/home/admin# chmod +x /usr/local/bin/docker-compose root@ip-172-31-36-249:/home/admin# docker-compose -v docker-compose version 1.24.0, build 0aa59064 Bitwarden installation
Go to the bitwarden.com/host and get keys:
Each Bitwarden needs to have own set of those keys.
Download installation, configuration, and management script:
root@ip-172-31-36-249:/home/admin# cd /bitwarden/ root@ip-172-31-36-249:/bitwarden# curl -s -o bitwarden.sh https://raw.githubusercontent.com/bitwarden/core/master/scripts/bitwarden.sh root@ip-172-31-36-249:/bitwarden# chmod +x bitwarden.sh This script will download files from the https://github.com/bitwarden/server repository and then will call the https://github.com/bitwarden/server/blob/master/scripts/run.sh script with the install option.
All options for the bitwarden.sh:
| Command | Description | | --- | --- | | install | Start the installer. | | start | Start all containers. | | restart | Restart all containers (same as start). | | stop | Stop all containers. | | updatedb | Update/initialize the database. | | update | Update all containers and the database. | | updateself | Update this main script. | | rebuild | Rebuild generated installation assets from `config.yml`. | Start installation:
root@ip-172-31-36-249:/bitwarden# ./bitwarden.sh install ... (!) Enter the domain name for your Bitwarden instance (ex. bitwarden.company.com): dev.bitwarden.setevoy.org.ua (!) Do you want to use Let's Encrypt to generate a free SSL certificate? (y/n): n 1.30.1: Pulling from bitwarden/setup ... Status: Downloaded newer image for bitwarden/setup:1.30.1 ... (!) Enter your installation id (get at https://bitwarden.com/host): 46ec2f0b-\*\*\*-\*\*\*-aa3f00b8ab41 (!) Enter your installation key: OJ0\*\*\*fDD (!) Do you have a SSL certificate to use? (y/n): y ... (!) Is this a trusted SSL certificate (requires ca.crt, see docs)? (y/n): y Generating key for IdentityServer. Generating a RSA private key ... writing new private key to 'identity.key' ----- Building nginx config. Building docker environment files. Building docker environment override files. Building FIDO U2F app id. Building docker-compose.yml. Installation complete ... Next steps, run: `./bitwarden.sh start` Bitwarden configuration
The script will save all Bitwarden’s data to the bwdata directory:
root@ip-172-31-36-249:/bitwarden# ll total 24 -rwxr-xr-x 1 root root 2535 Apr 30 11:07 bitwarden.sh drwxr-xr-x 11 nobody nogroup 4096 Apr 30 11:13 bwdata root@ip-172-31-36-249:/bitwarden# ll bwdata/ total 40 drwxr-xr-x 2 nobody nogroup 4096 Apr 30 11:10 ca-certificates -rw-r--r-- 1 nobody nogroup 3323 Apr 30 11:13 config.yml drwxr-xr-x 2 nobody nogroup 4096 Apr 30 11:13 docker drwxr-xr-x 2 nobody nogroup 4096 Apr 30 11:13 env drwxr-xr-x 2 nobody nogroup 4096 Apr 30 11:13 identity drwxr-xr-x 2 nobody nogroup 4096 Apr 30 11:10 letsencrypt drwxr-xr-x 2 nobody nogroup 4096 Apr 30 11:13 nginx drwxr-xr-x 2 nobody nogroup 4096 Apr 30 11:10 scripts drwxr-xr-x 3 nobody nogroup 4096 Apr 30 11:13 ssl drwxr-xr-x 2 nobody nogroup 4096 Apr 30 11:13 web The main configuration file is the bwdata/config.yml.
Also, in the ./bwdata/env/global.override.env file additional variables can be set, will check them a bit later.
Docker Compose stack will be started using the ./bwdata/docker/docker-compose.yml file:
version: '3' services: mssql: image: bitwarden/mssql:1.30.1 container_name: bitwarden-mssql restart: always volumes: - ../mssql/data:/var/opt/mssql/data - ../logs/mssql:/var/opt/mssql/log - ../mssql/backups:/etc/bitwarden/mssql/backups env_file: - mssql.env - ../env/uid.env - ../env/mssql.override.env web: image: bitwarden/web:2.10.0 container_name: bitwarden-web restart: always volumes: - ../web:/etc/bitwarden/web env_file: - global.env - ../env/uid.env ... Update the config.yml file – disable SSL as we have own NGINX with SSL and change HTTP and HTTPS ports:
... # Docker compose file port mapping for HTTP. Leave empty to remove the port mapping. # Learn more: https://docs.docker.com/compose/compose-file/#ports http_port: 8000 # Docker compose file port mapping for HTTPS. Leave empty to remove the port mapping. # Learn more: https://docs.docker.com/compose/compose-file/#ports https_port: 8001 ... # Configure Nginx for SSL. ssl: false ... Update applications configs:
root@ip-172-31-36-249:/bitwarden# ./bitwarden.sh rebuild Start Bitwarden:
root@ip-172-31-36-249:/bitwarden# ./bitwarden.sh start ... Bitwarden is up and running! Check in a browser:
Check containers:
root@ip-172-31-36-249:/bitwarden# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES b196ee0f81ff bitwarden/nginx:1.30.1 "/entrypoint.sh" About an hour ago Up About an hour 80/tcp, 0.0.0.0:5178->8080/tcp, 0.0.0.0:5179->8443/tcp bitwarden-nginx ef03f591491d bitwarden/admin:1.30.1 "/entrypoint.sh" About an hour ago Up About an hour 5000/tcp bitwarden-admin d4fa88921cce bitwarden/api:1.30.1 "/entrypoint.sh" About an hour ago Up About an hour 5000/tcp bitwarden-api 408c5f0bd370 bitwarden/notifications:1.30.1 "/entrypoint.sh" About an hour ago Up About an hour 5000/tcp bitwarden-notifications 9bec10bc09d8 bitwarden/icons:1.30.1 "/entrypoint.sh" About an hour ago Up About an hour 5000/tcp bitwarden-icons f87789cc4da4 bitwarden/mssql:1.30.1 "/entrypoint.sh" About an hour ago Up About an hour 1433/tcp bitwarden-mssql 143370f979c5 bitwarden/web:2.10.0 "/entrypoint.sh" About an hour ago Up About an hour 5000/tcp bitwarden-web acdc220a7c29 bitwarden/identity:1.30.1 "/entrypoint.sh" About an hour ago Up About an hour 5000/tcp bitwarden-identity 925d047b6321 bitwarden/attachments:1.30.1 "/entrypoint.sh" About an hour ago Up About an hour 5000/tcp bitwarden-attachments In those containers, Bitwarden will mount directories from the host, for example mssql:
root@ip-172-31-36-249:/bitwarden# docker inspect bitwarden-mssql | jq .[].Mounts [ { "Type": "bind", "Source": "/bitwarden/bwdata/logs/mssql", "Destination": "/var/opt/mssql/log", "Mode": "rw", "RW": true, "Propagation": "rprivate" }, { "Type": "bind", "Source": "/bitwarden/bwdata/mssql/data", "Destination": "/var/opt/mssql/data", "Mode": "rw", "RW": true, "Propagation": "rprivate" }, { "Type": "bind", "Source": "/bitwarden/bwdata/mssql/backups", "Destination": "/etc/bitwarden/mssql/backups", "Mode": "rw", "RW": true, "Propagation": "rprivate" } ] Thus for a backup will be enough just to store the bwdata catalog.
Email configuration
Email settings are set in the bwdata/env/global.override.env file.
We will use AWS SES, update variables:
... globalSettings__mail__replyToEmail=no-reply@example.com globalSettings__mail__smtp__host=email-smtp.us-east-1.amazonaws.com globalSettings__mail__smtp__port=587 globalSettings__mail__smtp__ssl=false globalSettings__mail__smtp__username=AKI***MJI globalSettings__mail__smtp__password=BKR***z2G ... Restart Bitwarden (rebuild needs to be done only after changes in the config.yml):
root@ip-172-31-36-249:/bitwarden# ./bitwarden.sh restart In case of email sending problems – check logs in the bwdata/logs/api/Api/ directory or from the bitwarden-api container
root@ip-172-31-36-249:/bitwarden# docker logs -f bitwarden-api Registration in the Bitwarden
Now you can register in your Bitwarden installation.
Click on the Create account:
Click Confirm.
Bitwarden Admin and users
Add an administrator mailbox to the bwdata/env/global.override.env file in the adminSettings__admins= field.
Note, that the documentation says:
These admin email addresses do not need to be registered with an account on your Bitwarden installation
After logging in with this mailbox – you’ll get an email with a link to proceed authorization to the admin page. This link will be valid for 15 minutes:
... adminSettings__admins=admin@example.com,anotheradmin@example.com ... Restart service:
root@ip-172-31-36-249:/bitwarden# ./bitwarden.sh restart And go to the https://dev.bitwarden.setevoy.org.ua/admin page:
Log in with the mailbox specified in the adminSettings__admins, get an email, go by the link:
Users settings
Log in using common Log In form and will see usual userspace:
In the Tools you can import data from various passwords managers like KeePass:
Adding passwords manually:
Getting a password:
Working with Bitwarden
Chrome plugin
Install Chrome extension from the Chrome webstore:
Click on the Settings:
Set your server’s URL:
Log in:
And get all your passwords directly from a browser:
Also, it will suggest storing passwords during logins as a usual passwords manager:
Linux desktop
I guess it has clients for any Linux-based systems
In Arch Linux can be installed from AUR:
$ yaourt -S bitwarden-bin And log in in the same way as in the Chrome extension:
Import from KeePass
Let’s check how import is working
In your KeePass export data to an XML file:
Then go to the Bitwarden – Tools > Import data:
Ready – even with directories structure:
Export can be done in the same way – you can upload data from Bitwarden in a JSON or CSV file and the CSV can be imported to a local KeePass. Such an additional backup.
Keep in mind that the exported file will have all passwords unencrypted.
Multi-factor authorization
MFA can be configured in My account – Two-step Login, everything in a standard way here:
Backuping and restoring Bitwarden storage
Nobody wants to lose an organization’s all passwords so let’s check how backup and restore will works.
As we have /bitwarden mounted from a dedicated EBS volume then it can be daily snapshotted by AWS Data Lifecycle Manager and then in case of problems – a new volume can be created and mounted to a new EC2 instance with a new Bitwarden installation.
So steps to check are, quickly:
- create a snapshot manually
- create a new EBS using this snapshot
- start a new ЕС2
- attach this EBS and mount it to the
/bitwarden - obtain a Let’s Encrypt Certificate
- install NGINX, set up a virtual host
- install Docker, Docker Compose
- if a domain was changed – update
/bitwarden/bwdata/config.yml, change theurlparameter - run
./bitwarden.sh rebuild - run
./bitwarden.sh start - …
- Profit!
That’s all for now.
When will get a trial license – will play with user’s and roles.
Top comments (0)