diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index f6a629364b..f72c49f392 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -949,38 +949,65 @@ qemuDomainSecretPlainClear(qemuDomainSecretPlain secret)
 
 
 static void
-qemuDomainSecretAESClear(qemuDomainSecretAES secret)
+qemuDomainSecretAESClear(qemuDomainSecretAES secret,
+                         bool keepAlias)
 {
+    if (!keepAlias)
+        VIR_FREE(secret.alias);
+
     VIR_FREE(secret.username);
-    VIR_FREE(secret.alias);
     VIR_FREE(secret.iv);
     VIR_FREE(secret.ciphertext);
 }
 
 
+static void
+qemuDomainSecretInfoClear(qemuDomainSecretInfoPtr secinfo,
+                          bool keepAlias)
+{
+    if (!secinfo)
+        return;
+
+    switch ((qemuDomainSecretInfoType) secinfo->type) {
+    case VIR_DOMAIN_SECRET_INFO_TYPE_PLAIN:
+        qemuDomainSecretPlainClear(secinfo->s.plain);
+        break;
+
+    case VIR_DOMAIN_SECRET_INFO_TYPE_AES:
+        qemuDomainSecretAESClear(secinfo->s.aes, keepAlias);
+        break;
+
+    case VIR_DOMAIN_SECRET_INFO_TYPE_LAST:
+        break;
+    }
+}
+
+
 void
 qemuDomainSecretInfoFree(qemuDomainSecretInfoPtr *secinfo)
 {
     if (!*secinfo)
         return;
 
-    switch ((qemuDomainSecretInfoType) (*secinfo)->type) {
-    case VIR_DOMAIN_SECRET_INFO_TYPE_PLAIN:
-        qemuDomainSecretPlainClear((*secinfo)->s.plain);
-        break;
-
-    case VIR_DOMAIN_SECRET_INFO_TYPE_AES:
-        qemuDomainSecretAESClear((*secinfo)->s.aes);
-        break;
-
-    case VIR_DOMAIN_SECRET_INFO_TYPE_LAST:
-        break;
-    }
+    qemuDomainSecretInfoClear(*secinfo, false);
 
     VIR_FREE(*secinfo);
 }
 
 
+/**
+ * qemuDomainSecretInfoDestroy:
+ * @secinfo: object to destroy
+ *
+ * Removes any data unnecessary for further use, but keeps alias allocated.
+ */
+void
+qemuDomainSecretInfoDestroy(qemuDomainSecretInfoPtr secinfo)
+{
+    qemuDomainSecretInfoClear(secinfo, true);
+}
+
+
 static virClassPtr qemuDomainDiskPrivateClass;
 static void qemuDomainDiskPrivateDispose(void *obj);
 
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index f76404e1ac..3e139e0c57 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -836,6 +836,8 @@ bool qemuDomainSupportsEncryptedSecret(qemuDomainObjPrivatePtr priv);
 void qemuDomainSecretInfoFree(qemuDomainSecretInfoPtr *secinfo)
     ATTRIBUTE_NONNULL(1);
 
+void qemuDomainSecretInfoDestroy(qemuDomainSecretInfoPtr secinfo);
+
 void qemuDomainSecretDiskDestroy(virDomainDiskDefPtr disk)
     ATTRIBUTE_NONNULL(1);