Configure PyKMIP on the Postgres Linux Server

PyKMIP has to be configured to use the client certificate generated by ESKM.

  1. Log in to the Postgres Linux server as user enterprisedb.

    1. Log in as user enterprisedb and change to that user's home directory.

  2. Install the KMIP client and the CA certificates.

    1. Create the /etc/pykmip/certs directory
      $ sudo mkdir -p /etc/pykmip/certs

    2. Copy the private key, the client certificate, and the CA certificate to /etc/pykmip/certs, renaming them as shown:
      $ sudo cp client1.pem /etc/pykmip/certs/client_cert.pem
      $ sudo cp client1.key /etc/pykmip/certs/client_private_key.pem
      $ sudo cp cacert.pem /etc/pykmip/certs/server_ca_cert.pem

    3. Grant read permission to all users on the private key, the client certificate, and the CA certificate.
      $ sudo chmod a+r /etc/pykmip/certs/*

  3. Create or update the Python environment variable.

    1. Open the enterprisedb user's .bash_profile file and add the following line to it:
      export PYTHONPATH=$HOME/pykmip

    2. Source the file so the environment variable becomes available:
      $ source ~/.bash_profile

    3. Check that the environment variable is set by running:
      $ echo $PYTHONPATH
      Expected output (enterprisedb's home directory is /var/lib/edb): /var/lib/edb/pykmip

  4. Copy the policy and configuration files to pykmip.

    1. Copy the PyKMIP policy.json file to /etc/pykmip/policy.json.
      $ sudo cp ~/pykmip/examples/policy.json /etc/pykmip/policy.json

    2. Copy the PyKMIP pykmip.conf file to /etc/pykmip/pykmip.conf.
      $ sudo cp ~/pykmip/examples/pykmip.conf /etc/pykmip/pykmip.conf

  5. Edit the PyKMIP configuration file /etc/pykmip/pykmip.conf as described in the table below.

  Field                    Field value
  -----------------------  ---------------------------------------------
  host                     Provide the ESKM IP address.
  port                     No change required [5696].
  keyfile                  Private key is already copied.
  certfile                 client_cert is already copied.
  cert_reqs                No change required.
  ssl_version              Change the protocol to PROTOCOL_TLS.
  ca_certs                 CA cert is already copied.
  do_handshake_on_connect  No change required.
  suppress_ragged_eofs     No change required.
  username                 Comment out this line.
  password                 Comment out this line.

  pykmip.conf file entries and changes to be made
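The following script is an added example, not part of the original page and not code from PyKMIP or EDB. It carries out the certificate staging from step 2 and the pykmip.conf edits from the table above against directories passed as parameters, then validates the result the way a practitioner would before first use: every referenced file must exist, be readable and look like PEM, the port and ssl_version must match the table, and the username/password lines must be commented out. The [client] section layout and key names are assumed from PyKMIP's example pykmip.conf; the function names, the scratch-directory demo and its placeholder PEM files are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the page, PyKMIP or EDB). Stages ESKM client
# certificate material and renders/validates the PyKMIP [client] section.
# Paths are parameters so the flow can be rehearsed in a scratch directory;
# the real targets are /etc/pykmip/certs and /etc/pykmip/pykmip.conf.

# stage_kmip_certs SRC_DIR DEST_DIR
#   Copies client1.pem, client1.key and cacert.pem from SRC_DIR into DEST_DIR
#   under the names the page uses and makes them readable, as step 2 does.
#   Returns 1 if any input file is missing.
stage_kmip_certs() {
  src="$1"; dest="$2"
  for f in client1.pem client1.key cacert.pem; do
    [ -f "$src/$f" ] || { echo "missing $src/$f" >&2; return 1; }
  done
  mkdir -p "$dest" || return 1
  cp "$src/client1.pem" "$dest/client_cert.pem" &&
  cp "$src/client1.key" "$dest/client_private_key.pem" &&
  cp "$src/cacert.pem"  "$dest/server_ca_cert.pem" &&
  chmod a+r "$dest"/*
}

# write_kmip_client_conf HOST CERT_DIR OUT_FILE
#   Renders the [client] section with the values the table prescribes:
#   ESKM host, port 5696, the staged files, PROTOCOL_TLS, and the
#   username/password lines commented out. Section and key names are
#   assumed from PyKMIP's example pykmip.conf.
write_kmip_client_conf() {
  host="$1"; certs="$2"; out="$3"
  cat > "$out" <<EOF
[client]
host=$host
port=5696
keyfile=$certs/client_private_key.pem
certfile=$certs/client_cert.pem
cert_reqs=CERT_REQUIRED
ssl_version=PROTOCOL_TLS
ca_certs=$certs/server_ca_cert.pem
do_handshake_on_connect=True
suppress_ragged_eofs=True
#username=
#password=
EOF
}

# conf_value FILE KEY -> prints the value of the first uncommented KEY= line
conf_value() {
  sed -n "s/^$2=//p" "$1" | head -n 1
}

# validate_kmip_client_conf FILE
#   Non-zero on any mismatch with the table: unset host, wrong port or TLS
#   constant, unreadable or non-PEM file reference, or live credential lines.
validate_kmip_client_conf() {
  conf="$1"; rc=0
  [ -n "$(conf_value "$conf" host)" ] || { echo "host not set" >&2; rc=1; }
  [ "$(conf_value "$conf" port)" = "5696" ] || { echo "port must be 5696" >&2; rc=1; }
  [ "$(conf_value "$conf" ssl_version)" = "PROTOCOL_TLS" ] || { echo "ssl_version must be PROTOCOL_TLS" >&2; rc=1; }
  [ "$(conf_value "$conf" cert_reqs)" = "CERT_REQUIRED" ] || { echo "cert_reqs must be CERT_REQUIRED" >&2; rc=1; }
  for key in keyfile certfile ca_certs; do
    f="$(conf_value "$conf" "$key")"
    if [ ! -r "$f" ]; then echo "$key: '$f' not readable" >&2; rc=1
    elif ! grep -q '^-----BEGIN ' "$f"; then echo "$key: $f is not PEM" >&2; rc=1
    fi
  done
  if grep -Eq '^(username|password)=' "$conf"; then
    echo "username/password must be commented out" >&2; rc=1
  fi
  return $rc
}

# demo_kmip_setup -> runs the whole flow in a scratch directory using
#   constructed placeholder PEM files (not real keys); returns 0 on success.
demo_kmip_setup() {
  work="$(mktemp -d)" || return 1
  mkdir -p "$work/in"
  for f in client1.pem client1.key cacert.pem; do
    printf -- '-----BEGIN PLACEHOLDER-----\nconstructed-for-demo\n-----END PLACEHOLDER-----\n' > "$work/in/$f"
  done
  stage_kmip_certs "$work/in" "$work/certs" &&
  write_kmip_client_conf 192.0.2.10 "$work/certs" "$work/pykmip.conf" &&
  validate_kmip_client_conf "$work/pykmip.conf"
  rc=$?
  rm -rf "$work"
  return $rc
}
```

Run the validator as enterprisedb, the account that will load pykmip.conf, because the readability check is made as the invoking user; if the mode on client_private_key.pem is later tightened to that user alone, the check still passes when run as that user.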