vault list auth/token/accessors
allow you to list all tokens, and revoke all tokens by revealing them. Is it possible to filter these to exclude all non-root tokens?
I figured out you can use POST auth/token/lookup-accessor
It’s not possible to paginate these results so if there are many tokens this command will time out.