diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index 1f894693..70e535fe 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -1547,6 +1547,8 @@ ssh_string pki_key_to_blob(const ssh_key key, enum ssh_key_e type)
 if (buffer == NULL) {
 return NULL;
 }
+ /* The buffer will contain sensitive information. Make sure it is erased */
+ ssh_buffer_set_secure(buffer);
 if (key->cert != NULL) {
 rc = ssh_buffer_add_buffer(buffer, key->cert);
diff --git a/src/pki_gcrypt.c b/src/pki_gcrypt.c
index 8aec75e9..2361112b 100644
--- a/src/pki_gcrypt.c
+++ b/src/pki_gcrypt.c
@@ -1409,6 +1409,8 @@ ssh_string pki_key_to_blob(const ssh_key key, enum ssh_key_e type)
 if (buffer == NULL) {
 return NULL;
 }
+ /* The buffer will contain sensitive information. Make sure it is erased */
+ ssh_buffer_set_secure(buffer);
 if (key->cert != NULL) {
 rc = ssh_buffer_add_buffer(buffer, key->cert);
diff --git a/src/pki_mbedcrypto.c b/src/pki_mbedcrypto.c
index c0ba4d6d..57c87c56 100644
--- a/src/pki_mbedcrypto.c
+++ b/src/pki_mbedcrypto.c
@@ -890,6 +890,8 @@ ssh_string pki_key_to_blob(const ssh_key key, enum ssh_key_e type)
 if (buffer == NULL) {
 return NULL;
 }
+ /* The buffer will contain sensitive information. Make sure it is erased */
+ ssh_buffer_set_secure(buffer);
 if (key->cert != NULL) {
 rc = ssh_buffer_add_buffer(buffer, key->cert);
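Review bot: The new `ssh_buffer_set_secure(buffer)` call after the NULL check protects only the intermediate buffer, while the `ssh_string` that pki_key_to_blob returns is presumably copied out of that buffer further down, in the part of the function outside this hunk. For a private-key blob the same bytes would then survive in the returned string unless every caller wipes it (for example with `ssh_string_burn()`) before freeing, so it is worth auditing the call sites or documenting that duty on the function. The added comment could also say why the call sits before the first `ssh_buffer_add_buffer()`: `/* May hold private key material: mark secure before any data is added so every reallocation and the final free wipe it. The returned ssh_string is NOT covered. */`. The same applies to the identical hunks in src/pki_gcrypt.c and src/pki_mbedcrypto.c.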