diff --git a/Cargo.lock b/Cargo.lock
index aa3cc1ae..e519673c 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -32,6 +32,7 @@ dependencies = [
  "cipher",
  "cpubits",
  "cpufeatures",
+ "zeroize",
 ]
 
 [[package]]
@@ -359,6 +360,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2eecf2d5dc9b66b732b97707a0210906b1d30523eb773193ab777c0c84b3e8d5"
 dependencies = [
  "polyval",
+ "zeroize",
 ]
 
 [[package]]
@@ -500,6 +502,7 @@ dependencies = [
  "cpubits",
  "cpufeatures",
  "universal-hash",
+ "zeroize",
 ]
 
 [[package]]
diff --git a/aes-gcm/Cargo.toml b/aes-gcm/Cargo.toml
index cede16a4..b14057e3 100644
--- a/aes-gcm/Cargo.toml
+++ b/aes-gcm/Cargo.toml
@@ -40,6 +40,7 @@ bytes = ["aead/bytes"]
 getrandom = ["aead/getrandom"]
 hazmat = []
 rand_core = ["aead/rand_core"]
+zeroize = ["dep:zeroize", "aes?/zeroize", "ghash/zeroize"]
 
 [package.metadata.docs.rs]
 all-features = true
diff --git a/aes-gcm/src/lib.rs b/aes-gcm/src/lib.rs
index c101d646..b208ed7f 100644
--- a/aes-gcm/src/lib.rs
+++ b/aes-gcm/src/lib.rs
@@ -367,3 +367,14 @@ where
         tag
     }
 }
+
+// `AesGcm` intentionally has no custom `Drop`.
+// With the `zeroize` feature enabled, sensitive state is cleared by member drops
+// (`cipher` via `Aes`, `ghash` via internal `Polyval`) after this marker impl.
+#[cfg(feature = "zeroize")]
+impl<Aes, NonceSize, TagSize> zeroize::ZeroizeOnDrop for AesGcm<Aes, NonceSize, TagSize>
+where
+    Aes: zeroize::ZeroizeOnDrop,
+    TagSize: self::TagSize,
+{
+}