diff --git a/addon/mongocrypt.cc b/addon/mongocrypt.cc
index 32f1a60..37c58da 100644
--- a/addon/mongocrypt.cc
+++ b/addon/mongocrypt.cc
@@ -571,6 +571,14 @@ MongoCrypt::MongoCrypt(const CallbackInfo& info) : ObjectWrap(info) {
         mongocrypt_setopt_bypass_query_analysis(mongo_crypt());
     }
 
+    if (options.Has("keyExpirationMS")) {
+        int64_t keyExpirationMS = options.Get("keyExpirationMS").ToNumber().Int64Value();
+        if (keyExpirationMS < 0) {
+            throw TypeError::New(Env(), "Option `keyExpirationMS` must be a non-negative number");
+        }
+        mongocrypt_setopt_key_expiration(mongo_crypt(), keyExpirationMS);
+    }
+
     mongocrypt_setopt_use_range_v2(mongo_crypt());
 
     mongocrypt_setopt_use_need_kms_credentials_state(mongo_crypt());
diff --git a/package.json b/package.json
index 3ab508a..11cd597 100644
--- a/package.json
+++ b/package.json
@@ -35,7 +35,7 @@
   },
   "license": "Apache-2.0",
   "gypfile": true,
-  "mongodb:libmongocrypt": "1.13.0",
+  "mongodb:libmongocrypt": "1.14.0",
   "dependencies": {
     "node-addon-api": "^4.3.0",
     "prebuild-install": "^7.1.3"
diff --git a/src/index.ts b/src/index.ts
index d75449a..ad03fab 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -67,6 +67,8 @@ type MongoCryptConstructorOptions = {
   cryptSharedLibSearchPaths?: string[];
   cryptSharedLibPath?: string;
   bypassQueryAnalysis?: boolean;
+  /** Configure the time to expire the DEK from the cache. */
+  keyExpirationMS?: number;
   /** TODO(NODE-6793): remove this option and have it always set in the next major */
   enableMultipleCollinfo?: boolean;
 };
diff --git a/test/unit/bindings.test.ts b/test/unit/bindings.test.ts
index 7ee2243..75604c4 100644
--- a/test/unit/bindings.test.ts
+++ b/test/unit/bindings.test.ts
@@ -97,6 +97,24 @@ describe('MongoCryptConstructor', () => {
     });
   });
 
+  describe('options.keyExpirationMS', () => {
+    context('when the number is positive', () => {
+      it('does not error', () => {
+        expect(
+          new MongoCrypt({ kmsProviders: serialize({ aws: {} }), keyExpirationMS: 1000000 })
+        ).to.be.instanceOf(MongoCrypt);
+      });
+    });
+
+    context('when the number is negative', () => {
+      it('throws an error', () => {
+        expect(() => {
+          new MongoCrypt({ kmsProviders: serialize({ aws: {} }), keyExpirationMS: -1000000 });
+        }).to.throw(/must be a non-negative number/);
+      });
+    });
+  });
+
   describe('options.encryptedFieldsMap', () => {
     it('throws when provided and not a Uint8Array', () => {
       expect(