diff --git a/aes/decryptor.go b/aes/decryptor.go
index f43534a5e..7715e6b69 100644
--- a/aes/decryptor.go
+++ b/aes/decryptor.go
@@ -1,3 +1,6 @@
+/*
+Package aes defines a Cipher that uses 256-bit AES-GCM authenticated encryption to encrypt values the SOPS tree.
+*/
 package aes //import "go.mozilla.org/sops/aes"
 
 import (
diff --git a/config/config.go b/config/config.go
index 472a73cfd..e4b3895a2 100644
--- a/config/config.go
+++ b/config/config.go
@@ -1,3 +1,6 @@
+/*
+Package config provides a way to find and load SOPS configuration files
+*/
 package config //import "go.mozilla.org/sops/config"
 
 import (
diff --git a/decrypt/decrypt.go b/decrypt/decrypt.go
index 206eafed3..f9c81b693 100644
--- a/decrypt/decrypt.go
+++ b/decrypt/decrypt.go
@@ -1,3 +1,7 @@
+/*
+Package decrypt is the external API other Go programs can use to decrypt SOPS files. It is the only package in SOPS with
+a stable API.
+*/
 package decrypt // import "go.mozilla.org/sops/decrypt"
 
 import (
diff --git a/keyservice/keyservice.go b/keyservice/keyservice.go
index 2bc16acdf..4e14000e5 100644
--- a/keyservice/keyservice.go
+++ b/keyservice/keyservice.go
@@ -1,3 +1,7 @@
+/*
+Package keyservice implements a gRPC API that can be used by SOPS to encrypt and decrypt the data key using remote
+master keys.
+*/
 package keyservice
 
 import (
diff --git a/kms/keysource.go b/kms/keysource.go
index 1aa462b07..347f41882 100644
--- a/kms/keysource.go
+++ b/kms/keysource.go
@@ -1,3 +1,7 @@
+/*
+Package kms contains an implementation of the go.mozilla.org/sops.MasterKey interface that encrypts and decrypts the
+data key using AWS KMS with the AWS Go SDK.
+*/
 package kms //import "go.mozilla.org/sops/kms"
 
 import (
diff --git a/pgp/keysource.go b/pgp/keysource.go
index 115ca01da..7db0f2a00 100644
--- a/pgp/keysource.go
+++ b/pgp/keysource.go
@@ -1,3 +1,7 @@
+/*
+Package pgp contains an implementation of the go.mozilla.org/sops.MasterKey interface that encrypts and decrypts the
+data key by first trying with the golang.org/x/crypto/openpgp package and if that fails, by calling the "gpg" binary.
+ */
 package pgp //import "go.mozilla.org/sops/pgp"
 
 import (
diff --git a/stores/stores.go b/stores/stores.go
index 0d858e14b..a7a5ec226 100644
--- a/stores/stores.go
+++ b/stores/stores.go
@@ -1,3 +1,12 @@
+/*
+Package stores acts as a layer between the internal representation of encrypted files and the encrypted files
+themselves.
+
+Subpackages implement serialization and deserialization to multiple formats.
+
+This package defines the structure SOPS files should have and conversions to and from the internal representation. Part
+of the purpose of this package is to make it easy to change the SOPS file format while remaining backwards-compatible.
+*/
 package stores
 
 import (
@@ -10,10 +19,9 @@ import (
 	"go.mozilla.org/sops/pgp"
 )
 
-// SopsFile is a struct used by the stores as a helper unmarshal the SOPS metadata
+// SopsFile is a struct used by the stores as a helper to unmarshal the SOPS metadata
 type SopsFile struct {
-	Data     interface{} `yaml:"data" json:"data"`
-	Metadata Metadata    `yaml:"sops" json:"sops"`
+	Metadata Metadata `yaml:"sops" json:"sops"`
 }
 
 // Metadata is stored in SOPS encrypted files, and it contains the information necessary to decrypt the file.