diff --git a/tests/test_api.py b/tests/test_api.py
index 2cf12228..ad158269 100755
--- a/tests/test_api.py
+++ b/tests/test_api.py
@@ -54,6 +54,10 @@
 Signature
 )
+from securesystemslib.keys import (
+ generate_ed25519_key
+)
+
 logger = logging.getLogger(__name__)
@@ -421,6 +425,14 @@ def test_metadata_verify_delegate(self):
 root.verify_delegate('snapshot', snapshot)
+ def test_key_class(self):
+ # Test if from_securesystemslib_key removes the private key from keyval
+ # of a securesystemslib key dictionary.
+ sslib_key = generate_ed25519_key()
+ key = Key.from_securesystemslib_key(sslib_key)
+ self.assertFalse('private' in key.keyval.keys())
+
+
 def test_metadata_root(self):
 root_path = os.path.join(
 self.repo_dir, 'metadata', 'root.json')
diff --git a/tuf/api/metadata.py b/tuf/api/metadata.py
index 01c30610..f7eefa1a 100644
--- a/tuf/api/metadata.py
+++ b/tuf/api/metadata.py
@@ -562,6 +562,24 @@ def to_securesystemslib_key(self) -> Dict[str, Any]:
 "keyval": self.keyval,
 }
+ @classmethod
+ def from_securesystemslib_key(cls, key_dict: Dict[str, Any]) -> "Key":
+ """
+ Creates a Key object from a securesystemlib key dict representation
+ removing the private key from keyval.
+ """
+ key_meta = sslib_keys.format_keyval_to_metadata(
+ key_dict["keytype"],
+ key_dict["scheme"],
+ key_dict["keyval"],
+ )
+ return cls(
+ key_dict["keyid"],
+ key_meta["keytype"],
+ key_meta["scheme"],
+ key_meta["keyval"],
+ )
+
 def verify_signature(
 self,
 metadata: Metadata,
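Review bot: The single assertion in `test_key_class` can pass vacuously, because it never confirms that the generated `sslib_key` actually carried a private part, nor that the public part survived the conversion. Add a precondition `self.assertIn('private', sslib_key['keyval'])` before calling `Key.from_securesystemslib_key`, and `self.assertIn('public', key.keyval)` after it. `self.assertNotIn('private', key.keyval)` would also give a clearer failure message than `assertFalse('private' in key.keyval.keys())`. Since this test is the guard against private key material ending up in metadata, it would be worth asserting the same on the round-trip output, `key.to_securesystemslib_key()['keyval']`.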
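Review bot: In `from_securesystemslib_key` the removal of the private key is only implicit, since it depends on `sslib_keys.format_keyval_to_metadata` being called without its `private` argument, which defaults to public-only output. Pass it explicitly, `key_dict["keyval"], private=False,`, with a short comment such as `# never copy private key material into metadata`, so the security property is visible at the call site and does not change silently with the library default. `key_dict["keyid"]` is copied through unchecked, so a dict whose keyid does not match its key material would yield an inconsistent `Key`; whether callers can supply such a dict is not visible from this hunk. The docstring also misspells the library as "securesystemlib" and could state that a missing field raises `KeyError`.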