diff --git a/codebuild/py312/decrypt_hkeyring_with_net.yml b/codebuild/py312/decrypt_hkeyring_with_net.yml
index 6a3b321eb..1a1ab1827 100644
--- a/codebuild/py312/decrypt_hkeyring_with_net.yml
+++ b/codebuild/py312/decrypt_hkeyring_with_net.yml
@@ -23,27 +23,26 @@ phases:
       - aws s3 cp s3://generated-vectors-artifacts-bucket/$CODEBUILD_RESOLVED_SOURCE_VERSION/312_hkeyring_reccmm_manifest.zip 312_hkeyring_reccmm_manifest.zip
       - unzip 312_hkeyring_reccmm_manifest.zip
       - export DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="${PWD}/312_hkeyring_reccmm_manifest/manifest.json"
-
-      # Download dafny
-      - curl https://github.com/dafny-lang/dafny/releases/download/v4.7.0/dafny-4.7.0-x64-ubuntu-20.04.zip  -L -o dafny.zip
+      
+      # Clone SDK-Dafny repo to get test vectors runner source code and the Dafny version to use
+      - git clone --recurse-submodules https://github.com/aws/aws-encryption-sdk-dafny.git
+      # Download Dafny to build the test vector runner; get Dafny version from ESDK's project.properties file
+      - export dafnyVersion=$(grep '^dafnyVersion=' aws-encryption-sdk-dafny/AwsEncryptionSDK/project.properties | cut -d '=' -f 2)
+      - curl https://github.com/dafny-lang/dafny/releases/download/v$dafnyVersion/dafny-$dafnyVersion-x64-ubuntu-20.04.zip  -L -o dafny.zip
       - unzip -qq dafny.zip && rm dafny.zip
       - export PATH="$PWD/dafny:$PATH"
 
-      # Clone SDK-Dafny repo to get test vectors runner
-      - git clone --recurse-submodules https://github.com/aws/aws-encryption-sdk-dafny.git
-      # TODO: Change branch to published when available
-      - cd aws-encryption-sdk-dafny
-      - git checkout lucmcdon/hkeyring-vectors
-      - git pull
-      - cd AwsEncryptionSDK/
-      - make transpile_net
-      - cd ../mpl/TestVectorsAwsCryptographicMaterialProviders/
+      # Build MPL test vector runner from source
+      - cd aws-encryption-sdk-dafny/mpl/TestVectorsAwsCryptographicMaterialProviders/
       - make transpile_net
 
-      # Change TestVectors to reference the published .NET ESDK
-      - cd ../../AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors
-      # - sed -i -e 's/<ProjectReference Include="\.\.\/\.\.\/ESDK\.csproj" \/>/<PackageReference Include="AWS.Cryptography.EncryptionSDK" Version="4.0.1" \/>/g' AWSEncryptionSDKTestVectorLib.csproj
-      # - cd ../TestVectors
+      # Change ESDK TestVectors project to reference the published .NET ESDK
+      - cd ../../AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorLib
+      # CodeBuild seems to want to use ESDK-NET 4.0.0, which is not the most recent version...
+      # Pin to at least 4.1.0; this is the most recent version at time of writing.
+      # Hopefully CodeBuild will find more recent versions in the future
+      - sed -i 's|<ProjectReference Include="\.\./\.\./ESDK\.csproj" />|<PackageReference Include="AWS.Cryptography.EncryptionSDK" Version="[4.1.0,)" />|g' AWSEncryptionSDKTestVectorLib.csproj
+      - cd ../TestVectors
   
   build:
     commands: