diff --git a/vault/capabilities_test.go b/vault/capabilities_test.go
index e3b0b46fc..b560787a2 100644
--- a/vault/capabilities_test.go
+++ b/vault/capabilities_test.go
@@ -5,7 +5,7 @@ import (
 "testing"
 )
-func TestCapabilitiesAccessor_Basic(t *testing.T) {
+func TestCapabilitiesAccessor(t *testing.T) {
 c, _, token := TestCoreUnsealed(t)
 // Lookup the token in the store to get root token's accessor
@@ -60,7 +60,7 @@ func TestCapabilitiesAccessor_Basic(t *testing.T) {
 }
 }
-func TestCapabilities_Basic(t *testing.T) {
+func TestCapabilities(t *testing.T) {
 c, _, token := TestCoreUnsealed(t)
 actual, err := c.Capabilities(token, "path")
diff --git a/vault/token_store_test.go b/vault/token_store_test.go
index 66b7f06e9..e4d8eb7e4 100644
--- a/vault/token_store_test.go
+++ b/vault/token_store_test.go
@@ -18,6 +18,96 @@ func getBackendConfig(c *Core) *logical.BackendConfig {
 }
 }
+func TestTokenStore_AccessorIndex(t *testing.T) {
+ _, ts, _, _ := TestCoreWithTokenStore(t)
+
+ ent := &TokenEntry{Path: "test", Policies: []string{"dev", "ops"}}
+ if err := ts.create(ent); err != nil {
+ t.Fatalf("err: %s", err)
+ }
+
+ out, err := ts.Lookup(ent.ID)
+ if err != nil {
+ t.Fatalf("err: %s", err)
+ }
+
+ // Ensure that accessor is created
+ if out == nil || out.Accessor == "" {
+ t.Fatalf("bad: %#v", out)
+ }
+
+ token, err := ts.lookupByAccessor(out.Accessor)
+ if err != nil {
+ t.Fatalf("err: %s", err)
+ }
+
+ // Verify that the value returned from the index matches the token ID
+ if token != ent.ID {
+ t.Fatalf("bad: got\n%s\nexpected\n%s\n", token, ent.ID)
+ }
+}
+
+func TestTokenStore_HandleRequest_LookupAccessor(t *testing.T) {
+ _, ts, _, root := TestCoreWithTokenStore(t)
+ testMakeToken(t, ts, root, "tokenid", "", []string{"foo"})
+ out, err := ts.Lookup("tokenid")
+ if err != nil {
+ t.Fatalf("err: %s", err)
+ }
+ if out == nil {
+ t.Fatalf("err: %s", err)
+ }
+
+ req := logical.TestRequest(t, logical.UpdateOperation, "lookup-accessor")
+ req.Data["accessor"] = out.Accessor
+
+ resp, err := ts.HandleRequest(req)
+ if err != nil {
+ t.Fatalf("err: %s", err)
+ }
+ if resp.Data == nil {
+ t.Fatalf("response should contain data")
+ }
+
+ if resp.Data["accessor"].(string) == "" {
+ t.Fatalf("accessor should not be empty")
+ }
+
+ // Verify that the lookup-accessor operation does not return the token ID
+ if resp.Data["id"].(string) != "" {
+ t.Fatalf("token ID should not be returned")
+ }
+}
+
+func TestTokenStore_HandleRequest_RevokeAccessor(t *testing.T) {
+ _, ts, _, root := TestCoreWithTokenStore(t)
+ testMakeToken(t, ts, root, "tokenid", "", []string{"foo"})
+ out, err := ts.Lookup("tokenid")
+ if err != nil {
+ t.Fatalf("err: %s", err)
+ }
+ if out == nil {
+ t.Fatalf("err: %s", err)
+ }
+
+ req := logical.TestRequest(t, logical.UpdateOperation, "revoke-accessor")
+ req.Data["accessor"] = out.Accessor
+
+ _, err = ts.HandleRequest(req)
+ if err != nil {
+ t.Fatalf("err: %s", err)
+ }
+
+ out, err = ts.Lookup("tokenid")
+ if err != nil {
+ t.Fatalf("err: %s", err)
+ }
+
+ if out != nil {
+ t.Fatalf("bad:\ngot %#v\nexpected: nil\n", out)
+ }
+}
+
 func TestTokenStore_RootToken(t *testing.T) {
 _, ts, _, _ := TestCoreWithTokenStore(t)
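Review bot: In TestTokenStore_HandleRequest_LookupAccessor, `resp.Data["id"].(string) != ""` is an unchecked type assertion, so the test panics rather than passes if the handler omits the `id` key or sets it to nil, and `resp` is dereferenced without a nil check. Prefer `if resp == nil || resp.Data == nil { t.Fatalf("response should contain data") }` and `if id, _ := resp.Data["id"].(string); id != "" { t.Fatalf("token ID should not be returned") }`. Because the property being protected is that an accessor cannot be exchanged for the token itself, the test would be stronger if it also failed when any value in `resp.Data` equals `"tokenid"`. TestTokenStore_HandleRequest_RevokeAccessor only checks `ts.Lookup("tokenid")`; saving `out.Accessor` before the second lookup and asserting that `ts.lookupByAccessor` no longer yields the token ID would catch a stale accessor index entry left behind after revocation.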