diff --git a/cmd/notary-signer/dump_linux.go b/cmd/notary-signer/dump_linux.go
new file mode 100644
index 000000000..bb8b58184
--- /dev/null
+++ b/cmd/notary-signer/dump_linux.go
@@ -0,0 +1,11 @@
+package main
+
+import (
+ "golang.org/x/sys/unix"
+)
+
+func protect() error {
+ // Make sure process is not dumpable, so will not core dump, which would
+ // write keys to disk, and cannot be ptraced to read keys.
+ return unix.Prctl(unix.PR_SET_DUMPABLE, 0, 0, 0, 0)
+}
diff --git a/cmd/notary-signer/dump_unsupported.go b/cmd/notary-signer/dump_unsupported.go
new file mode 100644
index 000000000..d1c1b7ae3
--- /dev/null
+++ b/cmd/notary-signer/dump_unsupported.go
@@ -0,0 +1,7 @@
+// +build !linux
+
+package main
+
+func protect() error {
+ return nil
+}
diff --git a/cmd/notary-signer/main.go b/cmd/notary-signer/main.go
index 9a5dc6436..c0d15e077 100644
--- a/cmd/notary-signer/main.go
+++ b/cmd/notary-signer/main.go
@@ -50,6 +50,11 @@ func main() {
 
 if flagStorage.debug {
 go debugServer(debugAddr)
+ } else {
+ // If not in debug mode, stop tracing, core dumps if supported to help protect keys.
+ if err := protect(); err != nil {
+ logrus.Fatal(err.Error())
+ }
 }
 
 // when the signer starts print the version for debugging and issue logs later
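Review bot: The comment inside protect() in dump_linux.go overstates what PR_SET_DUMPABLE=0 provides: per ptrace(2), an attach is still permitted to a caller holding CAP_SYS_PTRACE, so "cannot be ptraced" is only true for unprivileged tracers. Per prctl(2) the kernel also resets the dumpable flag to the fs.suid_dumpable value when the process later changes its effective or filesystem UID/GID, so if the signer drops privileges after this call (not visible in this diff) the setting may not stick. I would turn it into a doc comment on the function, `// protect marks the process non-dumpable: no core dumps, and ptrace attach is refused to callers without CAP_SYS_PTRACE.` followed by `// It must run after any UID/GID change and before key material is loaded.`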
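Review bot: On every non-Linux build protect() in dump_unsupported.go returns nil, so main() proceeds as if the hardening had been applied when nothing was done, and the operator gets no signal. The stub should carry a doc comment that says so, e.g. `// protect is a no-op on this platform: core dumps and tracing are not restricted.`, and the caller could log that once at startup. The file has only the old-style `// +build !linux` line; if the module targets Go 1.17 or later, gofmt expects `//go:build !linux` above it.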
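Review bot: In the `if flagStorage.debug` branch of main.go the process stays dumpable and traceable and nothing records that, so a signer started with debug enabled by mistake holds keys without this protection and without a log line. I would add `logrus.Warn("debug mode: core dumps and ptrace are not disabled")` in that branch. In the else branch `logrus.Fatal(err.Error())` prints a bare errno string; `logrus.Fatalf("disabling core dumps and tracing: %v", err)` tells the operator what failed. Whether protect() runs before any key material is loaded cannot be confirmed here, because main() starts and continues outside the hunk.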