diff --git a/sdk/keyvault/azure-keyvault-administration/tests/_test_case.py b/sdk/keyvault/azure-keyvault-administration/tests/_test_case.py
index 75571078fc3a..fabd497beaf1 100644
--- a/sdk/keyvault/azure-keyvault-administration/tests/_test_case.py
+++ b/sdk/keyvault/azure-keyvault-administration/tests/_test_case.py
@@ -84,23 +84,8 @@ def setUp(self, *args, **kwargs):
             self.container_uri = "https://{}.blob.{}/{}".format(storage_name, storage_endpoint_suffix, container_name)
             self._scrub_url(real_url=self.container_uri, playback_url=container_playback_uri)
 
-            storage_account_key = os.environ.get("BLOB_PRIMARY_STORAGE_ACCOUNT_KEY")
-            if storage_account_key:
-                self.sas_token = generate_account_sas(
-                    account_name=storage_name,
-                    account_key=storage_account_key,
-                    resource_types=ResourceTypes(container=True, object=True),
-                    permission=AccountSasPermissions(
-                        create=True,
-                        list=True,
-                        write=True,
-                        read=True,
-                        add=True,
-                        delete=True,
-                        delete_previous_version=True,
-                    ),
-                    expiry=datetime.utcnow() + timedelta(minutes=30),
-                )
+            self.sas_token = os.environ.get("BLOB_STORAGE_SAS_TOKEN")
+            if self.sas_token:
                 self.scrubber.register_name_pair(self.sas_token, playback_sas_token)
         else:
             self.managed_hsm_url = hsm_playback_url
diff --git a/sdk/keyvault/test-resources.json b/sdk/keyvault/test-resources.json
index c10f8586dd34..74c913e755e6 100644
--- a/sdk/keyvault/test-resources.json
+++ b/sdk/keyvault/test-resources.json
@@ -77,6 +77,13 @@
                 "description": "Key Vault SKU to deploy. The default is 'premium'"
             }
         },
+        "baseTime": {
+            "type": "string",
+            "defaultValue": "[utcNow('u')]",
+            "metadata": {
+                "description": "The base time to add 500 minutes to for SAS token expiration. The default is the current time."
+            }
+        },
         "attestationImage": {
             "type": "string",
             "defaultValue": "keyvault-mock-attestation:latest",
@@ -111,6 +118,14 @@
             "virtualNetworkRules": [],
             "ipRules": [],
             "defaultAction": "Allow"
+        },
+        "accountSasProperties": {
+            "signedServices": "b",
+            "signedPermission": "rwdlacu",
+            "signedProtocol": "https",
+            "signedExpiry": "[dateTimeAdd(parameters('baseTime'), 'PT500M')]",
+            "signedResourceTypes": "sco",
+            "keyToSign": "key1"
         }
     },
     "resources": [
@@ -280,6 +295,10 @@
             "type": "string",
             "value": "[listKeys(variables('primaryAccountName'), variables('mgmtApiVersion')).keys[0].value]"
         },
+        "BLOB_STORAGE_SAS_TOKEN": {
+            "type": "string",
+            "value": "[listAccountSas(variables('primaryAccountName'), '2019-06-01', variables('accountSasProperties')).accountSasToken]"
+        },
         "BLOB_CONTAINER_NAME" : {
             "type": "string",
             "value": "[variables('blobContainerName')]"