diff --git a/pkg/venafi/tpp/connector.go b/pkg/venafi/tpp/connector.go
index 2fcf9e48..07f79523 100644
--- a/pkg/venafi/tpp/connector.go
+++ b/pkg/venafi/tpp/connector.go
@@ -281,6 +281,10 @@ func (c *Connector) RevokeAccessToken(auth *endpoint.Authentication) (err error)
 	}
 
 	if auth.AccessToken != "" {
+		// Take a copy of any existing c.accessToken
+		// and Restore after our Revoke for any existing calls
+		origToken := c.accessToken
+		defer func(){ c.accessToken = origToken}
 		c.accessToken = auth.AccessToken
 		statusCode, statusText, _, err := c.request("GET", urlResource(urlResourceRevokeAccessToken), nil)
 		if err != nil {
diff --git a/pkg/venafi/tpp/connector_test.go b/pkg/venafi/tpp/connector_test.go
index 2510445f..0a2d4793 100644
--- a/pkg/venafi/tpp/connector_test.go
+++ b/pkg/venafi/tpp/connector_test.go
@@ -412,6 +412,21 @@ func TestBadAuthorizeToTPP(t *testing.T) {
 	}
 }
 
+func TestRevokeAccessToken(t *testing.T){
+	tpp, err := getTestConnector(ctx.TPPurl, ctx.TPPZone)
+	if err != nil {
+		t.Fatalf("err is not nil, err: %s url: %s", err, expectedURL)
+	}
+
+	err = tpp.Authenticate(&endpoint.Authentication{AccessToken: ctx.TPPaccessToken})
+	if err != nil {
+		t.Fatalf("err is not nil, err: %s", err)
+	}
+	tpp.RevokeAccessToken(&endpoint.Authentication{AccessToken: "RandomAccessToken"})
+	// Ensure that our own access token is set back!
+	assert.Equal(t, tpp.accessToken, ctx.TPPaccessToken)
+}
+
 func TestReadConfigData(t *testing.T) {
 	tpp, err := getTestConnector(ctx.TPPurl, ctx.TPPZone)
 	if err != nil {