diff --git a/keystone/conf/token.py b/keystone/conf/token.py
index 92b96e34b3..91d2c55b1b 100644
--- a/keystone/conf/token.py
+++ b/keystone/conf/token.py
@@ -13,6 +13,7 @@
 import sys
 
 from oslo_config import cfg
+from oslo_log import versionutils
 
 from keystone.conf import utils
 
@@ -30,6 +31,8 @@ enforce_token_bind = cfg.StrOpt(
     'enforce_token_bind',
     default='permissive',
     choices=['disabled', 'permissive', 'strict', 'required'],
+    deprecated_since=versionutils.deprecated.PIKE,
+    deprecated_for_removal=True,
     help=utils.fmt("""
 This controls the token binding enforcement policy on tokens presented to
 keystone with token binding metadata (as specified by the `[token] bind`
@@ -74,6 +77,8 @@ command).
 driver = cfg.StrOpt(
     'driver',
     default='sql',
+    deprecated_since=versionutils.deprecated.PIKE,
+    deprecated_for_removal=True,
     help=utils.fmt("""
 Entry point for the token persistence backend driver in the
 `keystone.token.persistence` namespace. Keystone provides the `sql`
diff --git a/keystone/token/providers/uuid.py b/keystone/token/providers/uuid.py
index 84af399925..4652f7a877 100644
--- a/keystone/token/providers/uuid.py
+++ b/keystone/token/providers/uuid.py
@@ -16,6 +16,8 @@
 
 from __future__ import absolute_import
 
+from oslo_log import versionutils
+
 import uuid
 
 from keystone.token.providers import common
@@ -23,6 +25,14 @@ from keystone.token.providers import common
 
 class Provider(common.BaseProvider):
 
+    @versionutils.deprecated(
+        as_of=versionutils.deprecated.PIKE,
+        what='UUID Token Provider "[token] provider=uuid"',
+        in_favor_of='Fernet token Provider "[token] provider=fernet"',
+        remove_in=+2)
+    def __init__(self, *args, **kwargs):
+        super(Provider, self).__init__(*args, **kwargs)
+
     def _get_token_id(self, token_data):
         return uuid.uuid4().hex
 
diff --git a/releasenotes/notes/deprecated-as-of-pike-506f9aca91674550.yaml b/releasenotes/notes/deprecated-as-of-pike-506f9aca91674550.yaml
new file mode 100644
index 0000000000..95c0008f7a
--- /dev/null
+++ b/releasenotes/notes/deprecated-as-of-pike-506f9aca91674550.yaml
@@ -0,0 +1,11 @@
+---
+deprecations:
+  - |
+    * UUID token provider ``[token] provider=uuid`` has been deprecated in
+      favor of Fernet tokens ``[token] provider=fernet``. With Fernet tokens
+      becoming the default UUID tokens can be slated for removal in the R
+      release. This also deprecates token-bind support as it was never
+      implemented for fernet.
+
+    * Token persistence driver/code (SQL) is deprecated with this patch since
+      it is only used by the UUID token provider..