Deleting expired tokens

By default, the Keystone Identity Service stores expired tokens in the database indefinitely. While potentially useful for auditing in production environments, the accumulation of expired tokens considerably increases the database size and might affect the service performance.

Use cron as follows to configure a periodic task on one of the protocol nodes that purges expired tokens hourly or based on the load in your environment. 
# (crontab -l -u keystone 2>&1 | grep -q token_flush) || \
  echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' \
  >> /var/spool/cron/keystone
Parent topic: Configuring authentication for object access
Related concepts:
Configuring an AD-based authentication for object access
Configuring an LDAP-based authentication for object access
Configuring object authentication with an external keystone server
Managing object users, roles, and projects
Related tasks:
Configuring local authentication for object access
Creating object accounts