diff --git a/README.md b/README.md
index 8c174278..3e3f8c2a 100644
--- a/README.md
+++ b/README.md
@@ -230,7 +230,11 @@ This only needs to be done once.  After this, your `node_modules` folder will be
 
 #### Downloading Value Sets
 
-If your CQL uses value sets from the Value Set Authority Center (VSAC), then the first time you run the tests, they will need to download the value set definitions from VSAC.  Downloading value sets from VSAC requires a VSAC account.  You can configure your VSAC account by setting the `options->vsac->user` and `options-vsac-password` properties in your `cqlt.yaml` file.  If you prefer not to modify the config file, you may set `UMLS_USER_NAME` and `UMLS_PASSWORD` environment variables instead.
+If your CQL uses value sets from the Value Set Authority Center (VSAC), then the first time you run the tests, they will need to download the value set definitions from VSAC.  Downloading value sets from VSAC requires a VSAC account and an API key.  You can find your API key in your [UMLS profile](https://uts.nlm.nih.gov//uts.html#profile) and can configure your VSAC account by setting the `options->vsac->apikey` property in your `cqlt.yaml` file.  If you prefer not to modify the config file, you may set the `UMLS_API_KEY` environment variable instead.
+ 
+Alternatively, existing username/password authentication is supported until January 1, 2021.  You may set the `options->vsac->user` and `options->vsac->password` properties in your `cqlt.yaml` file.  If you prefer not to modify the config file, you may set the`UMLS_USER_NAME` and `UMLS_PASSWORD` environment variables.
+ 
+**NOTE**: Username and password based authentication is deprecated by VSAC, and only supported until January 1, 2021.  API key based authentication is highly encouraged.
 
 Once you've run the tests the first time and downloaded the value sets, they'll be stored in a VSAC cache folder (defaulted to `/.vscache` in the same folder as the `cqlt.yaml` file).  After that, you do not need your VSAC credentials anymore since the CQL Testing Framework will just use the cache.
 
diff --git a/package.json b/package.json
index 94e09a5e..04a2c6ab 100644
--- a/package.json
+++ b/package.json
@@ -16,7 +16,7 @@
     "chai": "^4.2.0",
     "convict": "^4.4.0",
     "cql-exec-fhir": "^1.3.1",
-    "cql-exec-vsac": "^1.1.1",
+    "cql-exec-vsac": "^1.2.0",
     "eslint": "^6.0.1",
     "fs-extra": "^7.0.1",
     "js-yaml": "^3.13.1",
diff --git a/src/buildTestSuite.js b/src/buildTestSuite.js
index ad791dd6..22ce79a6 100644
--- a/src/buildTestSuite.js
+++ b/src/buildTestSuite.js
@@ -46,23 +46,37 @@ function buildTestSuite(testCases, library, codeService, fhirVersion, config) {
 
     before('Download value set definitions from VSAC if necessary', function(done) {
       this.timeout(30000);
-      let user, pass;
-      if (options.vsac && options.vsac.user && options.vsac.user !== '') {
-        user = options.vsac.user;
-        pass = options.vsac.password;
+      let user, pass, key;
+      let ensureValueSets; //we're going to use a different function based on the existence of the API Key option
+      //NOTE: As of Jan 1 2021 VSAC will no longer accept accept username and password. Please use
+      //    ensureValueSetsInLibraryWithAPIKey() instead.
+      if (options.vsac && options.vsac.user && options.vsac.password) {
+        user = options.vsac.user ? options.vsac.user : null;
+        pass = options.vsac.password ? options.vsac.password : null;
+        ensureValueSets = codeService.ensureValueSetsInLibrary(library,true,user,pass);
+      } else {
+        key = options.vsac.apikey ? options.vsac.apikey : null;
+        ensureValueSets = codeService.ensureValueSetsInLibraryWithAPIKey(library,true,key);
       }
-      codeService.ensureValueSetsInLibrary(library, true, user, pass)
-        .then(() => done())
+
+      ensureValueSets.then(() => done())
         .catch((err) => {
           if (err instanceof Error) {
             done(err);
-          } else if (err && err.indexOf('UMLS_USER_NAME') != null) {
+          } else if (err && err.indexOf('UMLS_USER_NAME') != -1) {
             const message = 'Failed to download value sets. Please ensure VSAC user and password '
               + 'is specified via one of the appropriate mechanisms, either:\n'
               + '- configuration: options.vsac.user & options.vsac.password\n'
               + '- environment variables: UMLS_USER_NAME & UMLS_PASSWORD\n'
               + '- arguments (commandline only): --vsac-user & --vsac-password';
             done(new Error(message));
+          } else if(err && err.indexOf('UMLS_API_KEY') != -1) {
+            const message = 'Failed to download value sets. Please ensure VSAC API Key '
+              + 'is specified via one of the appropriate mechanisms, either:\n'
+              + '- configuration: options.vsac.apikey\n'
+              + '- environment variables: UMLS_API_KEY\n'
+              + '- arguments (commandline only): --vsac-apikey\n';
+            done(new Error(message));
           } else {
             done(new Error(err));
           }
diff --git a/src/loadConfig.js b/src/loadConfig.js
index 6a51c1d2..3b2c5e92 100644
--- a/src/loadConfig.js
+++ b/src/loadConfig.js
@@ -74,15 +74,23 @@ function newConfig() {
         arg: 'date'
       },
       vsac: {
+        apikey: {
+          doc: 'The UMLS API Key to use when connecting to the VSAC',
+          format: 'String',
+          default: '',
+          sensitive: true,
+          env: 'UMLS_API_KEY', // NOTE: Inconsistent name to match existing ENV name used by cql-exec-vsac
+          arg: 'vsac-apikey'
+        },
         user: {
-          doc: 'The UMLS user name to use when connecting to the VSAC',
+          doc: '*DEPRECATED* The UMLS user name to use when connecting to the VSAC. As of Jan 1 2021 VSAC will no longer accept accept username and password, API Key MUST be used after this date',
           format: 'String',
           default: '',
           env: 'UMLS_USER_NAME', // NOTE: Inconsistent name to match existing ENV name used by cql-exec-vsac
           arg: 'vsac-user'
         },
         password: {
-          doc: 'The UMLS password to use when connecting to the VSAC',
+          doc: '*DEPRECATED* The UMLS password to use when connecting to the VSAC. As of Jan 1 2021 VSAC will no longer accept accept username and password, API Key MUST be used after this date',
           format: 'String',
           default: '',
           sensitive: true,
diff --git a/yarn.lock b/yarn.lock
index 120cbf0c..65f7f92e 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -269,15 +269,15 @@ cql-exec-fhir@^1.3.1:
   dependencies:
     xml2js "~0.4.19"
 
-cql-exec-vsac@^1.1.1:
-  version "1.1.1"
-  resolved "https://registry.yarnpkg.com/cql-exec-vsac/-/cql-exec-vsac-1.1.1.tgz#2ba2e9cae923f896292c86148fe6668ecc0afef4"
-  integrity sha512-yggzgTqYW5uAfvfhlB16lHgfQFLOqm8rL80hCZ6whmllgBCeRoXBpg6paHCCo91RC4JK29leu5OVdcqv9dTU3w==
+cql-exec-vsac@^1.2.0:
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/cql-exec-vsac/-/cql-exec-vsac-1.2.0.tgz#1243d639b8185d94ed2d323527e0b0a99482cf5f"
+  integrity sha512-98CMTxZOa4pcQEK8tL8p6iBHjCphItWj2/vHqd99vksOkWanbS/5JGdYJTg//i0nJa2Ck7Gk8dDbm7qzlaMHGw==
   dependencies:
-    debug "^4.1.1"
-    mkdirp "^1.0.3"
+    debug "^4.2.0"
+    mkdirp "^1.0.4"
     request "^2.88.2"
-    request-promise-native "^1.0.8"
+    request-promise-native "^1.0.9"
     xml2js "^0.4.23"
 
 cql-execution@^1.3.7:
@@ -320,12 +320,12 @@ debug@^4.0.1:
   dependencies:
     ms "^2.1.1"
 
-debug@^4.1.1:
-  version "4.1.1"
-  resolved "https://registry.yarnpkg.com/debug/-/debug-4.1.1.tgz#3b72260255109c6b589cee050f1d516139664791"
-  integrity sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw==
+debug@^4.2.0:
+  version "4.2.0"
+  resolved "https://registry.yarnpkg.com/debug/-/debug-4.2.0.tgz#7f150f93920e94c58f5574c2fd01a3110effe7f1"
+  integrity sha512-IX2ncY78vDTjZMFUdmsvIRFY2Cf4FnD0wRs+nQwJU8Lu99/tPFdb0VybiiMTPe3I6rQmwsqQqRBvxU+bZ/I8sg==
   dependencies:
-    ms "^2.1.1"
+    ms "2.1.2"
 
 deep-eql@^3.0.1:
   version "3.0.1"
@@ -844,7 +844,7 @@ lodash.clonedeep@4.5.0:
   resolved "https://registry.yarnpkg.com/lodash.clonedeep/-/lodash.clonedeep-4.5.0.tgz#e23f3f9c4f8fbdde872529c1071857a086e5ccef"
   integrity sha1-4j8/nE+Pvd6HJSnBBxhXoIblzO8=
 
-lodash@^4.17.11, lodash@^4.17.15:
+lodash@^4.17.11, lodash@^4.17.15, lodash@^4.17.19:
   version "4.17.15"
   resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.15.tgz#b447f6670a0455bbfeedd11392eff330ea097548"
   integrity sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==
@@ -890,10 +890,10 @@ mkdirp@0.5.1, mkdirp@^0.5.1:
   dependencies:
     minimist "0.0.8"
 
-mkdirp@^1.0.3:
-  version "1.0.3"
-  resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-1.0.3.tgz#4cf2e30ad45959dddea53ad97d518b6c8205e1ea"
-  integrity sha512-6uCP4Qc0sWsgMLy1EOqqS/3rjDHOEnsStVr/4vtAIK2Y5i2kA7lFFejYrpIyiN9w0pYf4ckeCYT9f1r1P9KX5g==
+mkdirp@^1.0.4:
+  version "1.0.4"
+  resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-1.0.4.tgz#3eb5ed62622756d79a5f0e2a221dfebad75c2f7e"
+  integrity sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==
 
 mocha@^5.2.0:
   version "5.2.0"
@@ -927,6 +927,11 @@ ms@2.0.0:
   resolved "https://registry.yarnpkg.com/ms/-/ms-2.0.0.tgz#5608aeadfc00be6c2901df5f9861788de0d597c8"
   integrity sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=
 
+ms@2.1.2:
+  version "2.1.2"
+  resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.2.tgz#d09d1f357b443f493382a8eb3ccd183872ae6009"
+  integrity sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==
+
 ms@^2.1.1:
   version "2.1.1"
   resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.1.tgz#30a5864eb3ebb0a66f2ebe6d727af06a09d86e0a"
@@ -1045,19 +1050,19 @@ regexpp@^2.0.1:
   resolved "https://registry.yarnpkg.com/regexpp/-/regexpp-2.0.1.tgz#8d19d31cf632482b589049f8281f93dbcba4d07f"
   integrity sha512-lv0M6+TkDVniA3aD1Eg0DVpfU/booSu7Eev3TDO/mZKHBfVjgCGTV4t4buppESEYDtkArYFOxTJWv6S5C+iaNw==
 
-request-promise-core@1.1.3:
-  version "1.1.3"
-  resolved "https://registry.yarnpkg.com/request-promise-core/-/request-promise-core-1.1.3.tgz#e9a3c081b51380dfea677336061fea879a829ee9"
-  integrity sha512-QIs2+ArIGQVp5ZYbWD5ZLCY29D5CfWizP8eWnm8FoGD1TX61veauETVQbrV60662V0oFBkrDOuaBI8XgtuyYAQ==
+request-promise-core@1.1.4:
+  version "1.1.4"
+  resolved "https://registry.yarnpkg.com/request-promise-core/-/request-promise-core-1.1.4.tgz#3eedd4223208d419867b78ce815167d10593a22f"
+  integrity sha512-TTbAfBBRdWD7aNNOoVOBH4pN/KigV6LyapYNNlAPA8JwbovRti1E88m3sYAwsLi5ryhPKsE9APwnjFTgdUjTpw==
   dependencies:
-    lodash "^4.17.15"
+    lodash "^4.17.19"
 
-request-promise-native@^1.0.8:
-  version "1.0.8"
-  resolved "https://registry.yarnpkg.com/request-promise-native/-/request-promise-native-1.0.8.tgz#a455b960b826e44e2bf8999af64dff2bfe58cb36"
-  integrity sha512-dapwLGqkHtwL5AEbfenuzjTYg35Jd6KPytsC2/TLkVMz8rm+tNt72MGUWT1RP/aYawMpN6HqbNGBQaRcBtjQMQ==
+request-promise-native@^1.0.9:
+  version "1.0.9"
+  resolved "https://registry.yarnpkg.com/request-promise-native/-/request-promise-native-1.0.9.tgz#e407120526a5efdc9a39b28a5679bf47b9d9dc28"
+  integrity sha512-wcW+sIUiWnKgNY0dqCpOZkUbF/I+YPi+f09JZIDa39Ec+q82CpSYniDp+ISgTTbKmnpJWASeJBPZmoxH84wt3g==
   dependencies:
-    request-promise-core "1.1.3"
+    request-promise-core "1.1.4"
     stealthy-require "^1.1.1"
     tough-cookie "^2.3.3"