diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4c0cf1f61..a8a5af5f3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Okta Node SDK Changelog
+# 6.6.1
+
+### Fixes
+
+- [#420](https://github.com/okta/okta-sdk-nodejs/pull/420) fix: upgrades `njwt` version to `2.0.1` to pull in [CVE-2024-34273](https://www.cve.org/CVERecord?id=CVE-2024-34273) resolution
+
 # 6.6.0
 ### Bug Fixes
diff --git a/package.json b/package.json
index ca51ce4ff..c1f73aad1 100644
--- a/package.json
+++ b/package.json
@@ -37,7 +37,7 @@
 "https-proxy-agent": "^5.0.0",
 "js-yaml": "^4.1.0",
 "lodash": "^4.17.20",
- "njwt": "^1.0.0",
+ "njwt": "^2.0.1",
 "node-fetch": "^2.6.7",
 "parse-link-header": "^2.0.0",
 "rasha": "^1.2.5",
diff --git a/scripts/clean-resources.sh b/scripts/clean-resources.sh
index 61c79658f..b2416f8f9 100644
--- a/scripts/clean-resources.sh
+++ b/scripts/clean-resources.sh
@@ -3,10 +3,10 @@
 source ${OKTA_HOME}/${REPO}/scripts/setup.sh
 export OKTA_CLIENT_ORGURL=https://node-sdk-oie.oktapreview.com
-get_vault_secret_key devex/okta-sdk-nodejs-vars api_key OKTA_CLIENT_TOKEN
 export OKTA_CLIENT_CLIENTID=0oa1q34stxthm0zbJ1d7
-get_vault_secret_key devex/okta-sdk-nodejs-vars private_key OKTA_CLIENT_PRIVATEKEY
-get_vault_secret_key devex/okta-sdk-nodejs-vars username ORG_USER
+get_terminus_secret "/" api_key OKTA_CLIENT_TOKEN
+get_terminus_secret "/" private_key OKTA_CLIENT_PRIVATEKEY
+get_terminus_secret "/" username ORG_USER
 if ! yarn aftertest; then
 echo "Cleanup failed! Exiting..."
diff --git a/scripts/e2e.sh b/scripts/e2e.sh
index 69a8b3d4d..5ffa89616 100644
--- a/scripts/e2e.sh
+++ b/scripts/e2e.sh
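Review bot: In scripts/clean-resources.sh, `get_terminus_secret "/" private_key OKTA_CLIENT_PRIVATEKEY` exports the key exactly as the secret store returns it, while the scripts/e2e.sh hunk of this same commit documents that a PEM stored as a secret comes back with its newlines turned into spaces and has to be rebuilt before use. If the `yarn aftertest` run authenticates with the private key (not visible here), it will presumably receive the malformed PEM; the same line is added in scripts/unit.sh. Moving the rebuild into one helper in scripts/setup.sh and calling it from all three scripts would keep them consistent, and a comment such as `# private_key arrives with spaces instead of newlines; normalise before export` would record why.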
@@ -3,9 +3,23 @@
 source ${OKTA_HOME}/${REPO}/scripts/setup.sh
 export OKTA_CLIENT_ORGURL=https://node-sdk-oie.oktapreview.com
-get_vault_secret_key devex/okta-sdk-nodejs-vars api_key OKTA_CLIENT_TOKEN
 export OKTA_CLIENT_CLIENTID=0oa1q34stxthm0zbJ1d7
-get_vault_secret_key devex/okta-sdk-nodejs-vars private_key OKTA_CLIENT_PRIVATEKEY
+get_terminus_secret "/" api_key OKTA_CLIENT_TOKEN
+get_terminus_secret "/" private_key E2E_PK
+get_terminus_secret "/" username ORG_USER
+
+HEADER="-----BEGIN RSA PRIVATE KEY-----"
+FOOTER="-----END RSA PRIVATE KEY-----"
+
+# NOTE: storing pem as secret results in newline characters becoming spaces, which
+# causes the pem to be malformed when used by tests. Below solves this issue
+pem=$(echo ${E2E_PK:31}) # remove -----BEGIN prefix
+pem=$(echo "${pem% ${FOOTER}}") # remove -----END suffix
+# BEGIN / END need to be removed so all remaining spaces can be converted to newlines
+echo $HEADER > /tmp/e2e.pem # appends BEGIN header to tmp file
+echo "$pem" | tr " " "\n" >> /tmp/e2e.pem # appends pem with spaces converted to newlines
+echo "$FOOTER" >> /tmp/e2e.pem # appends END footer to tmp file
+export OKTA_CLIENT_PRIVATEKEY=$(cat /tmp/e2e.pem)
 export TEST_SUITE_TYPE="junit"
 export TEST_RESULT_FILE_DIR="${REPO}/test-reports"
diff --git a/scripts/unit.sh b/scripts/unit.sh
index 15e6d5f69..7db088310 100644
--- a/scripts/unit.sh
+++ b/scripts/unit.sh
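Review bot: The rebuilt private key is written to the fixed path `/tmp/e2e.pem` with the default umask and is never removed, so on a shared or reused build host the key stays readable by other local users and by later jobs. The file is only read back with `cat`, so the PEM can be assembled in a shell variable instead; if a file is really needed, create it with `mktemp` under `umask 077` and delete it in a `trap ... EXIT`. The fixed offset in `${E2E_PK:31}` depends on the header being exactly 31 characters, so stripping by pattern is safer should the key type change. If the script runs with xtrace enabled (not visible in this hunk), these assignments would also print the key to the build log.

```shell
# … unchanged: get_terminus_secret calls, HEADER and FOOTER definitions …
pem=$(echo ${E2E_PK#"$HEADER"})   # strip the BEGIN line by pattern; unquoted echo trims and collapses whitespace as before
pem=${pem%"$FOOTER"}              # strip the END line
# $pem is unquoted on purpose: word splitting breaks it at the spaces that
# replaced the newlines, and printf emits one base64 line per word
body=$(printf '%s\n' $pem)
OKTA_CLIENT_PRIVATEKEY=$(printf '%s\n%s\n%s' "$HEADER" "$body" "$FOOTER")
export OKTA_CLIENT_PRIVATEKEY
# … unchanged: TEST_SUITE_TYPE / TEST_RESULT_FILE_DIR exports …
```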
@@ -2,12 +2,11 @@
 source ${OKTA_HOME}/${REPO}/scripts/setup.sh
-aws s3 --quiet --region us-east-1 cp s3://ci-secret-stash/prod/okta-sdk-nodejs/privateKey.pem ${OKTA_HOME}/${REPO}/scripts/privateKey.pem
-
 export OKTA_CLIENT_ORGURL=https://node-sdk.okta.com
-export OKTA_CLIENT_TOKEN="$(aws s3 --quiet --region us-east-1 cp s3://ci-secret-stash/prod/okta-sdk-nodejs/apiKey /dev/stdout)"
 export OKTA_CLIENT_CLIENTID=0oa1jnkiuz6FCTchz4x7
-export OKTA_CLIENT_PRIVATEKEY=$(cat ${OKTA_HOME}/${REPO}/scripts/privateKey.pem)
+get_terminus_secret "/" api_key OKTA_CLIENT_TOKEN
+get_terminus_secret "/" private_key OKTA_CLIENT_PRIVATEKEY
+get_terminus_secret "/" username ORG_USER
 export TEST_SUITE_TYPE="junit"
 export TEST_RESULT_FILE_DIR="${REPO}/test-reports"
diff --git a/test/delete-resources.js b/test/delete-resources.js
index ee4b5974b..c0ff3d705 100644
--- a/test/delete-resources.js
+++ b/test/delete-resources.js
@@ -15,39 +15,68 @@ const client = new okta.Client({
 });
 async function cleanInlineHooks() {
- const collection = await client.listInlineHooks();
- collection.each(async (inlineHook) => {
+ const collection = client.listInlineHooks();
+ await collection.each(async (inlineHook) => {
 await inlineHook.deactivate();
 await inlineHook.delete();
 });
 }
-function cleanAuthorizationServers() {
- client.listAuthorizationServers().each(
- authorizationServer => {
- authorizationServer.delete();
+async function cleanDomains() {
+ const domains = (await client.listDomains()).domains;
+ for (const domain of domains) {
+ if (domain.certificateSourceType === 'MANUAL') {
+ await client.deleteDomain(domain.id);
+ }
+ }
+}
+
+async function cleanAuthorizationServers() {
+ await client.listAuthorizationServers().each(
+ async (authorizationServer) => {
+ await authorizationServer.delete();
+ }
+ );
+}
+
+async function cleanNetworkZones() {
+ await client.listNetworkZones().each(
+ async networkZone => {
+ const canDelete = networkZone.name?.startsWith('node-sdk: ');
+ if (canDelete) {
+ try {
+ if (networkZone.status === 'ACTIVE') {
+ await client.deactivateNetworkZone(networkZone.id);
+ }
+ await client.deleteNetworkZone(networkZone.id);
+ } catch (err) {
+ console.error(err);
+ }
+ } else {
+ console.log(`Skipped network zone to remove ${networkZone.name}`);
+ }
 }
 );
 }
-function cleanApplications() {
- client.listApplications().each(application =>{
+async function cleanApplications() {
+ await client.listApplications().each(async (application) =>{
 (application.label === 'Node SDK Service App' || application.label === 'Bacon Service Client') ?
console.log(`Skipped application to remove ${application.label}`) :
- utils.removeAppByLabel(client, application.label);
+ await utils.removeAppByLabel(client, application.label);
 });
 }
-function cleanTestUsers() {
- client.listUsers().each(user => {
+async function cleanTestUsers() {
+ await client.listUsers().each(async (user) => {
 (user.profile.email.endsWith('okta.com')) ?
 console.log(`Skipped user to remove ${user.profile.email}`) :
- utils.deleteUser(user);
+ await utils.deleteUser(user);
 });
 }
-function cleanTestGroups() {
+async function cleanTestGroups() {
 const url = `${client.baseUrl}/api/v1/groups`;
 const request = {
 method: 'get',
@@ -73,15 +102,19 @@ function cleanTestGroups() {
 }
 describe('Clean all test resources', () => {
-
- cleanAuthorizationServers();
-
- cleanTestUsers();
-
- cleanTestGroups();
-
- cleanApplications();
-
- cleanInlineHooks();
-
+ it('cleans resources', async () => {
+ await cleanNetworkZones();
+
+ await cleanAuthorizationServers();
+
+ await cleanTestUsers();
+
+ await cleanTestGroups();
+
+ await cleanApplications();
+
+ await cleanDomains();
+
+ await cleanInlineHooks();
+ });
 });
diff --git a/test/it/feature-crud.ts b/test/it/feature-crud.ts
index 00eee38b4..eac855cef 100644
--- a/test/it/feature-crud.ts
+++ b/test/it/feature-crud.ts
@@ -19,7 +19,9 @@ const client = new Client({
 const getFirstNonBetaFeature = async () => {
 let firstFeatureInList;
 await client.listFeatures().each((feature) => {
- if (feature.stage.value !== 'BETA') {
+ // Note: Trying to enable feature 'Enforce MFA For Admin Console' will fail with error:
+ // Api validation failed: ENFORCE_MFA_FOR_ADMIN_APPS. Cannot enable the feature: To satisfy 2FA assurance, the current admin must have enough enrolled authenticators, and the enrolled authenticators cannot be disabled in authenticator enrollment policy.
+ if (feature.stage.value !== 'BETA' && !feature.name.includes('Enforce MFA')) {
 firstFeatureInList = feature;
 return false;
 }
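Review bot: `cleanDomains` deletes every domain whose `certificateSourceType` is `'MANUAL'`, with no marker that the domain was created by this test suite, whereas the `cleanNetworkZones` added next to it only touches zones whose name starts with `'node-sdk: '`. If the suite is ever pointed at an org that holds other manually managed domains, this cleanup removes them too; filtering on a test-owned naming convention, as is done for network zones, or adding a comment that states why MANUAL implies test-owned would make the scope explicit. Separately, `cleanNetworkZones` catches and only logs errors with `console.error(err)`, so a failed deletion there never fails the run while the other cleaners propagate; a short comment saying this best-effort behaviour is intended would help. The body of `cleanTestGroups` continues outside the hunk, so whether its new `async` keyword is matched by an awaited or returned request cannot be checked from here.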
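Review bot: All seven cleanup steps now run inside the single `it('cleans resources', …)`, so the first rejected `await` skips every step after it and leaves those resources in the org. Giving each cleaner its own test, for example `it('cleans network zones', cleanNetworkZones);`, lets each one run and be reported separately. The single test also inherits the runner's default timeout, which a sequential sweep over users, groups and applications may exceed; if the timeout is not raised in a config outside this diff, it should be set for this `describe`.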
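Review bot: The new condition `!feature.name.includes('Enforce MFA')` excludes the feature by a fragment of its display name, which stops working silently if the label is reworded and throws if a feature comes back without a `name`. The quoted API error names the feature `ENFORCE_MFA_FOR_ADMIN_APPS`; if the feature object exposes a stable identifier of that kind (not visible in this hunk), comparing against it would be more robust, and `!feature.name?.includes('Enforce MFA')` at least guards the missing-name case. The enclosing `getFirstNonBetaFeature` continues past the end of the hunk.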
diff --git a/test/it/network-zone.ts b/test/it/network-zone.ts
index 06f79d993..071a9c96c 100644
--- a/test/it/network-zone.ts
+++ b/test/it/network-zone.ts
@@ -22,7 +22,7 @@ describe('Network Zone API', () => {
 networkZone = await client.createNetworkZone({
 type: 'IP',
 id: null,
- name: 'newNetworkZone',
+ name: 'node-sdk: newNetworkZone',
 status: 'ACTIVE',
 created: null,
 lastUpdated: null,
@@ -50,6 +50,7 @@ describe('Network Zone API', () => {
 });
 afterEach(async () => {
+ await client.deactivateNetworkZone(networkZone.id);
 await client.deleteNetworkZone(networkZone.id);
 });
diff --git a/yarn.lock b/yarn.lock
index 382f4aa3b..7f595fe90 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -3474,10 +3474,10 @@ nise@^5.1.0: just-extend "^4.0.2" path-to-regexp "^1.7.0" -njwt@^1.0.0: - version "1.2.0" - resolved "https://registry.yarnpkg.com/njwt/-/njwt-1.2.0.tgz#1badf085fba3fd00abb70ed6c8f00246c6f46fa4" - integrity sha512-i+cdqwxo7EUimJCHPSAEpQEWrz4ilsVefL+FRhWrjMqq8HHiQ8dwi9GUWUfj3Vt6XMY2PXSjMn9JeVB3/Jp6pg== +njwt@^2.0.1: + version "2.0.1" + resolved "https://registry.yarnpkg.com/njwt/-/njwt-2.0.1.tgz#21a224c33ab1468f903210b1f45a20181adb6600" + integrity sha512-HwFeZsPJ1aOhIjMjqT9Qv7BOsQbkxjRVPPSdFXNOTEkfKpr9+O6OX+dSN6TxxIErSYSqrmlDR4H2zOGOpEbZLA== dependencies: "@types/node" "^15.0.1" ecdsa-sig-formatter "^1.0.5"
@@ -4799,4 +4799,4 @@ z-schema@^4.2.2: lodash.isequal "^4.5.0" validator "^13.6.0" optionalDependencies: - commander "^2.7.1" \ No newline at end of file + commander "^2.7.1"
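Review bot: In test/it/network-zone.ts, `afterEach` now calls `client.deactivateNetworkZone(networkZone.id)` unconditionally, so if zone creation failed (the block enclosing the `createNetworkZone` call is not visible in these hunks) `networkZone` is undefined or left over from the previous test, and the hook throws and masks the real failure. A test that has already deactivated or deleted the zone would presumably make this call reject as well. test/delete-resources.js in this commit checks `networkZone.status === 'ACTIVE'` before deactivating; the same guard here, preceded by `if (!networkZone) return;`, keeps teardown from failing on its own.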