The existing procedure for the switch over from a local master encryption key to a KMIP master encryption key for the Encryption-at-Rest feature requires a wipe-out of the dbPath in the server, followed by a resync.

Given the size of replica sets in the field, it makes sense to extend the existing KMIP key rotation feature (SERVER-19845), so the customers can move between KMIP and local encryption keys back and forth, avoiding the initial sync procedure. This will save time and data transfer costs.