diff --git a/manifests/keystone/authtoken.pp b/manifests/keystone/authtoken.pp
index 3b06dabd4..30b7c6ec1 100644
--- a/manifests/keystone/authtoken.pp
+++ b/manifests/keystone/authtoken.pp
@@ -177,25 +177,6 @@
 #   true/false
 #   Defaults to $::os_service_default.
 #
-# DEPRECATED PARAMETERS
-#
-# [*check_revocations_for_cached*]
-#   (Optional) If true, the revocation list will be checked for cached tokens.
-#   This requires that PKI tokens are configured on the identity server.
-#   boolean value.
-#   Defaults to undef.
-#
-# [*hash_algorithms*]
-#   (Optional) Hash algorithms to use for hashing PKI tokens. This may be a
-#   single algorithm or multiple. The algorithms are those supported by Python
-#   standard hashlib.new(). The hashes will be tried in the order given, so put
-#   the preferred one first for performance. The result of the first hash will
-#   be stored in the cache. This will typically be set to multiple values only
-#   while migrating from a less secure algorithm to a more secure one. Once all
-#   the old tokens are expired this option should be set to a single value for
-#   better performance. List value.
-#   Defaults to undef.
-#
 class nova::keystone::authtoken(
   $username                       = 'nova',
   $password                       = $::os_service_default,
@@ -231,9 +212,6 @@ class nova::keystone::authtoken(
   $token_cache_time               = $::os_service_default,
   $service_token_roles            = $::os_service_default,
   $service_token_roles_required   = $::os_service_default,
-  # DEPRECATED PARAMETERS
-  $check_revocations_for_cached   = undef,
-  $hash_algorithms                = undef,
 ) {
 
   include ::nova::deps
@@ -242,14 +220,6 @@ class nova::keystone::authtoken(
     fail('Please set password for nova service user')
   }
 
-  if $check_revocations_for_cached {
-    warning('check_revocations_for_cached parameter is deprecated, has no effect and will be removed in the future.')
-  }
-
-  if $hash_algorithms {
-    warning('hash_algorithms parameter is deprecated, has no effect and will be removed in the future.')
-  }
-
   keystone::resource::authtoken { 'nova_config':
     username                       => $username,
     password                       => $password,
diff --git a/manifests/metadata/novajoin/authtoken.pp b/manifests/metadata/novajoin/authtoken.pp
index 6f4c48b17..a42dc69b0 100644
--- a/manifests/metadata/novajoin/authtoken.pp
+++ b/manifests/metadata/novajoin/authtoken.pp
@@ -161,25 +161,6 @@
 #   (in seconds). Set to -1 to disable caching completely. Integer value
 #   Defaults to $::os_service_default.
 #
-# === Deprecated parameters
-#
-# [*check_revocations_for_cached*]
-#   (Optional) If true, the revocation list will be checked for cached tokens.
-#   This requires that PKI tokens are configured on the identity server.
-#   boolean value.
-#   Defaults to $::os_service_default.
-#
-# [*hash_algorithms*]
-#   (Optional) Hash algorithms to use for hashing PKI tokens. This may be a
-#   single algorithm or multiple. The algorithms are those supported by Python
-#   standard hashlib.new(). The hashes will be tried in the order given, so put
-#   the preferred one first for performance. The result of the first hash will
-#   be stored in the cache. This will typically be set to multiple values only
-#   while migrating from a less secure algorithm to a more secure one. Once all
-#   the old tokens are expired this option should be set to a single value for
-#   better performance. List value.
-#   Defaults to $::os_service_default.
-#
 class nova::metadata::novajoin::authtoken(
   $username                       = 'novajoin',
   $password                       = $::os_service_default,
@@ -213,23 +194,12 @@ class nova::metadata::novajoin::authtoken(
   $manage_memcache_package        = false,
   $region_name                    = $::os_service_default,
   $token_cache_time               = $::os_service_default,
-  ## DEPRECATED PARAMETERS
-  $check_revocations_for_cached   = undef,
-  $hash_algorithms                = undef,
 ) {
 
   if is_service_default($password) {
     fail('Please set password for novajoin service user')
   }
 
-  if $check_revocations_for_cached {
-    warning('check_revocations_for_cached is deprecated, will be removed and has no effect')
-  }
-
-  if $hash_algorithms {
-    warning('hash_algorithms is deprecated, will be removed and has no effect')
-  }
-
   keystone::resource::authtoken { 'novajoin_config':
     username                       => $username,
     password                       => $password,
diff --git a/releasenotes/notes/remove_deprecated_pki_related_options-88466f6a00bbd2e3.yaml b/releasenotes/notes/remove_deprecated_pki_related_options-88466f6a00bbd2e3.yaml
new file mode 100644
index 000000000..62af34f16
--- /dev/null
+++ b/releasenotes/notes/remove_deprecated_pki_related_options-88466f6a00bbd2e3.yaml
@@ -0,0 +1,5 @@
+---
+upgrade:
+  - |
+    The deprecated pki related options check_revocations_for_cached and
+    hash_algorithms option has been removed.