6 files changed, 38 insertions, 2 deletions
diff --git a/buildscripts/resmokeconfig/suites/sharding_continuous_config_stepdown.yml b/buildscripts/resmokeconfig/suites/sharding_continuous_config_stepdown.yml
index 9ddd6b19111..37c1d3df880 100644
--- a/buildscripts/resmokeconfig/suites/sharding_continuous_config_stepdown.yml
+++ b/buildscripts/resmokeconfig/suites/sharding_continuous_config_stepdown.yml
@@ -85,6 +85,7 @@ selector:
   - jstests/sharding/shard_identity_config_update.js
   - jstests/sharding/mongos_does_not_gossip_logical_time_without_keys.js
   - jstests/sharding/key_rotation.js
+  - jstests/sharding/keys_rotation_interval_sec.js
   # Runs setShardVersion/getShardVersion against the config server and we don't support retries
   # for this command
   - jstests/sharding/major_version_check.js
diff --git a/buildscripts/resmokeconfig/suites/sharding_last_stable_mongos_and_mixed_shards.yml b/buildscripts/resmokeconfig/suites/sharding_last_stable_mongos_and_mixed_shards.yml
index 1bd0907f6b1..44f46244ea7 100644
--- a/buildscripts/resmokeconfig/suites/sharding_last_stable_mongos_and_mixed_shards.yml
+++ b/buildscripts/resmokeconfig/suites/sharding_last_stable_mongos_and_mixed_shards.yml
@@ -34,6 +34,7 @@ selector:
   - jstests/sharding/advance_logical_time_with_valid_signature.js
   # New feature in v3.6 mongo shell.
   - jstests/sharding/causal_consistency_shell_support.js
+  - jstests/sharding/keys_rotation_interval_sec.js
   # Changes to currentOp format in 3.6.
   - jstests/sharding/features3.js
   - jstests/sharding/migration_ignore_interrupts_3.js
diff --git a/jstests/sharding/keys_rotation_interval_sec.js b/jstests/sharding/keys_rotation_interval_sec.js
new file mode 100644
index 00000000000..213c95f2f87
--- /dev/null
+++ b/jstests/sharding/keys_rotation_interval_sec.js
@@ -0,0 +1,29 @@
+/**
+ * Test that the keys on config server are rotated according to the KeysRotationIntervalSec value
+ */
+
+(function() {
+    "use strict";
+    const kRotationInterval = 30;
+    let st = new ShardingTest({
+        mongos: 1,
+        shards: {rs0: {nodes: 2}},
+        mongosWaitsForKeys: true,
+        other: {configOptions: {setParameter: "KeysRotationIntervalSec=30"}}
+    });
+
+    let keys = st.s.getDB("admin").system.keys.find();
+    let maxExpireTime = Timestamp(Date.now() / 1000 + kRotationInterval * 2, 0);
+
+    assert(keys.count() >= 2);
+    keys.toArray().forEach(function(key, i) {
+        assert.hasFields(
+            key,
+            ["purpose", "key", "expiresAt"],
+            "key document " + i + ": " + tojson(key) + ", did not have all of the expected fields");
+        assert.lte(bsonWoCompare(key.expiresAt, maxExpireTime),
+                   0,
+                   "key document " + i + ": " + tojson(key) + "expiresAt value is greater than: " +
+                       maxExpireTime);
+    });
+})();
diff --git a/src/mongo/db/keys_collection_manager.cpp b/src/mongo/db/keys_collection_manager.cpp
index c309e30bc1f..e91d9af8dad 100644
--- a/src/mongo/db/keys_collection_manager.cpp
+++ b/src/mongo/db/keys_collection_manager.cpp
@@ -45,6 +45,7 @@
 
 namespace mongo {
 
+const Seconds KeysCollectionManager::kKeyValidInterval{3 * 30 * 24 * 60 * 60};  // ~3 months
 namespace {
 
 Milliseconds kDefaultRefreshWaitTime(30 * 1000);
diff --git a/src/mongo/db/keys_collection_manager.h b/src/mongo/db/keys_collection_manager.h
index 9333ba284d9..53de6257b32 100644
--- a/src/mongo/db/keys_collection_manager.h
+++ b/src/mongo/db/keys_collection_manager.h
@@ -53,6 +53,8 @@ class ShardingCatalogClient;
  */
 class KeysCollectionManager {
 public:
+    static const Seconds kKeyValidInterval;
+
     KeysCollectionManager(std::string purpose,
                           ShardingCatalogClient* client,
                           Seconds keyValidForInterval);
diff --git a/src/mongo/s/sharding_initialization.cpp b/src/mongo/s/sharding_initialization.cpp
index 7bd0e74ba90..7c1dddb4e2f 100644
--- a/src/mongo/s/sharding_initialization.cpp
+++ b/src/mongo/s/sharding_initialization.cpp
@@ -89,6 +89,9 @@ MONGO_EXPORT_STARTUP_SERVER_PARAMETER(ShardingTaskExecutorPoolRefreshRequirement
 MONGO_EXPORT_STARTUP_SERVER_PARAMETER(ShardingTaskExecutorPoolRefreshTimeoutMS,
                                       int,
                                       ConnectionPool::kDefaultRefreshTimeout.count());
+MONGO_EXPORT_STARTUP_SERVER_PARAMETER(KeysRotationIntervalSec,
+                                      int,
+                                      KeysCollectionManager::kKeyValidInterval.count());
 
 namespace {
 
@@ -100,7 +103,6 @@ using executor::ShardingTaskExecutor;
 
 static constexpr auto kRetryInterval = Seconds{2};
 const std::string kKeyManagerPurposeString = "SigningClusterTime";
-const Seconds kKeyValidInterval(3 * 30 * 24 * 60 * 60);  // ~3 months
 
 auto makeTaskExecutor(std::unique_ptr<NetworkInterface> net) {
     auto netPtr = net.get();
@@ -236,7 +238,7 @@ Status initializeGlobalShardingState(OperationContext* opCtx,
     }
 
     auto keyManager = stdx::make_unique<KeysCollectionManager>(
-        kKeyManagerPurposeString, grid->catalogClient(opCtx), kKeyValidInterval);
+        kKeyManagerPurposeString, grid->catalogClient(opCtx), Seconds(KeysRotationIntervalSec));
     keyManager->startMonitoring(opCtx->getServiceContext());
 
     LogicalTimeValidator::set(opCtx->getServiceContext(),