diff --git a/src/libstrongswan/settings/settings.c b/src/libstrongswan/settings/settings.c
index b67b00e514..cc8ce71f1c 100644
--- a/src/libstrongswan/settings/settings.c
+++ b/src/libstrongswan/settings/settings.c
@@ -1071,13 +1071,37 @@ METHOD(settings_t, load_string_section, bool,
 	return extend_section(this, parent, section, merge);
 }
 
+CALLBACK(clear_content, void,
+	char *str, int idx, void *clear)
+{
+	if (*(bool*)clear)
+	{
+		memwipe(str, strlen(str));
+	}
+	free(str);
+}
+
+/**
+ * Destroy the settings object and optionally clear content memory
+ */
+static void destroy_settings(private_settings_t *this, bool clear)
+{
+	settings_section_destroy(this->top, clear ? this->contents : NULL);
+	array_destroy_function(this->contents, clear_content, &clear);
+	this->lock->destroy(this->lock);
+	free(this);
+}
+
 METHOD(settings_t, destroy, void,
 	private_settings_t *this)
 {
-	settings_section_destroy(this->top, NULL);
-	array_destroy_function(this->contents, (void*)free, NULL);
-	this->lock->destroy(this->lock);
-	free(this);
+	destroy_settings(this, FALSE);
+}
+
+METHOD(settings_t, destroy_clear, void,
+	private_settings_t *this)
+{
+	destroy_settings(this, TRUE);
 }
 
 static private_settings_t *settings_create_base()
@@ -1105,6 +1129,7 @@ static private_settings_t *settings_create_base()
 			.load_string = _load_string,
 			.load_string_section = _load_string_section,
 			.destroy = _destroy,
+			.destroy_clear = _destroy_clear,
 		},
 		.top = settings_section_create(NULL),
 		.contents = array_create(0, 0),
diff --git a/src/libstrongswan/settings/settings.h b/src/libstrongswan/settings/settings.h
index 814cf32e53..d938164148 100644
--- a/src/libstrongswan/settings/settings.h
+++ b/src/libstrongswan/settings/settings.h
@@ -385,6 +385,11 @@ struct settings_t {
 	 * Destroy a settings instance.
 	 */
 	void (*destroy)(settings_t *this);
+
+	/**
+	 * Destroy a settings instance after clearing memory used for values.
+	 */
+	void (*destroy_clear)(settings_t *this);
 };
 
 /**
diff --git a/src/libstrongswan/tests/suites/test_settings.c b/src/libstrongswan/tests/suites/test_settings.c
index e0609605cb..a28a7d131d 100644
--- a/src/libstrongswan/tests/suites/test_settings.c
+++ b/src/libstrongswan/tests/suites/test_settings.c
@@ -201,6 +201,13 @@ START_TEST(test_set_default_str)
 }
 END_TEST
 
+START_TEST(test_destroy_clear)
+{
+	/* just the most basic test as we can't reliably verify it works */
+	settings->destroy_clear(settings);
+}
+END_TEST
+
 START_SETUP(setup_bool_config)
 {
 	create_settings(chunk_from_str(
@@ -838,7 +845,6 @@ START_TEST(test_order_section)
 }
 END_TEST
 
-
 START_TEST(test_load_string)
 {
 	char *content =
@@ -1654,6 +1660,11 @@ Suite *settings_suite_create()
 	tcase_add_test(tc, test_set_default_str);
 	suite_add_tcase(s, tc);
 
+	tc = tcase_create("destroy_clear");
+	tcase_add_checked_fixture(tc, setup_base_config, NULL);
+	tcase_add_test(tc, test_destroy_clear);
+	suite_add_tcase(s, tc);
+
 	tc = tcase_create("get/set_bool");
 	tcase_add_checked_fixture(tc, setup_bool_config, teardown_config);
 	tcase_add_test(tc, test_get_bool);