Hello @bharat uniyal,
Yes, it is possible to roll over a single DEK. You can use KMS REST API to do this. (Source - search for 'Rollover Key'). Once a key is rolled over, all the subsequent operation will use the new key.
As for DEK expiry, unfortunately Hadoop KMS does not support expiry of the keys. So you can not set expiry on the keys.
Hope this helps !
I should have been more specific.
I know that we can rollover an ecryption zone key(EZK) but, I also wanted to understand if there is a way to expire or rollover a file level DEK if in case I want to change or remove compromised file level DEKs.