That is not CBA so it's not on topic.
Extracting encryption keys on a running system is completely other vector attack and I doubt using registers is much safer than RAM in such case. Might be wrong though. :)
The key for AES is held in the four debug registers. On a 32-bit machine you get 4x32-bit for AES-128, or on a 64-bit machine 4x64-bit up to AES-256. The ptrace(2) system call is patched so these registers are not exposed to user space. And yes, they are zeroed on power-up or reset of the CPU.
Volume 3A
Chapter 9, Processor Management and Initialization
Table 9-1. IA-32 Processor States Following Power-up, Reset, or INIT
The debug registers are named DR0-3 and will be initialized with 00000000H. I can't find an explicit statement for IA-32e mode (Intel's name for x86_64), but I think it is safe to assume the remaining upper 32 bits will be cleared as well.
