This article argues that when actors engage in controversial new security practices, it is misconceived to view secrecy as an opposed, counterproductive alternative to the pursuit of legitimation. Rather, we propose, deployment of “quasi-secrecy”—a combination of official secrecy with leaks, selective disclosure, and de facto public awareness—can be an effective strategy for achieving normalization and legitimation while containing the risks entailed by disclosure. We support this claim via a detailed case study of US targeted killing. First, we establish the existence of an American norm against targeted killing during the period 1976–2001. We then detail the process by which an innovation in practice was secretly approved, implemented, became known, and was gradually, partially officially acknowledged. We argue that even if quasi-secrecy was not in this instance a coherently-conceived and deliberately pursued strategy from start to finish, the case provides proof of concept for its potential to be deployed as such.