diff --git a/Makefile b/Makefile
index c5af1a2c6..56080d041 100644
--- a/Makefile
+++ b/Makefile
@@ -27,8 +27,9 @@ test:
 	touch coverage.txt
 	$(GO) test -coverprofile=coverage_tmp.txt -covermode=atomic $(PROJECT) && cat coverage_tmp.txt >> coverage.txt
 	$(GO) test $(PROJECT)/aes -coverprofile=coverage_tmp.txt -covermode=atomic && cat coverage_tmp.txt >> coverage.txt
-	$(GO) test $(PROJECT)/cmd/sops -coverprofile=coverage_tmp.txt -covermode=atomic && cat coverage_tmp.txt >> coverage.txt
 	$(GO) test $(PROJECT)/yaml -coverprofile=coverage_tmp.txt -covermode=atomic && cat coverage_tmp.txt >> coverage.txt
+	$(GO) test $(PROJECT)/cmd/sops -coverprofile=coverage_tmp.txt -covermode=atomic && cat coverage_tmp.txt >> coverage.txt
+	$(GO) test $(PROJECT)/decrypt -coverprofile=coverage_tmp.txt -covermode=atomic && cat coverage_tmp.txt >> coverage.txt
 	$(GO) test $(PROJECT)/stores/yaml -coverprofile=coverage_tmp.txt -covermode=atomic && cat coverage_tmp.txt >> coverage.txt
 	$(GO) test $(PROJECT)/stores/json -coverprofile=coverage_tmp.txt -covermode=atomic && cat coverage_tmp.txt >> coverage.txt
 	gpg --import pgp/sops_functional_tests_key.asc 2>&1 1>/dev/null || exit 0
diff --git a/aes/decryptor.go b/aes/decryptor.go
index 19fe00335..a8c15854d 100644
--- a/aes/decryptor.go
+++ b/aes/decryptor.go
@@ -9,8 +9,16 @@ import (
 	"regexp"
 	"strconv"
 	"strings"
+
+	"github.com/sirupsen/logrus"
 )
 
+var log *logrus.Logger
+
+func init() {
+	log = logrus.New()
+}
+
 type encryptedValue struct {
 	data     []byte
 	iv       []byte
diff --git a/aes/decryptor_test.go b/aes/decryptor_test.go
index 4e1b24445..6b4f01c6b 100644
--- a/aes/decryptor_test.go
+++ b/aes/decryptor_test.go
@@ -2,7 +2,6 @@ package aes
 
 import (
 	"crypto/rand"
-	"log"
 	"strings"
 	"testing"
 	"testing/quick"
diff --git a/cmd/sops/edit.go b/cmd/sops/edit.go
index 86aabc87a..14dbc720d 100644
--- a/cmd/sops/edit.go
+++ b/cmd/sops/edit.go
@@ -3,7 +3,6 @@ package main
 import (
 	"fmt"
 	"io/ioutil"
-	"log"
 	"os"
 
 	"crypto/md5"
diff --git a/cmd/sops/main.go b/cmd/sops/main.go
index 916f7f819..eeadc426f 100644
--- a/cmd/sops/main.go
+++ b/cmd/sops/main.go
@@ -1,7 +1,6 @@
 package main //import "go.mozilla.org/sops/cmd/sops"
 
 import (
-	"log"
 	"net"
 	"net/url"
 
@@ -20,6 +19,7 @@ import (
 
 	"strconv"
 
+	"github.com/sirupsen/logrus"
 	"go.mozilla.org/sops/aes"
 	"go.mozilla.org/sops/cmd/sops/codes"
 	"go.mozilla.org/sops/cmd/sops/subcommand/groups"
@@ -34,6 +34,12 @@ import (
 	"gopkg.in/urfave/cli.v1"
 )
 
+var log *logrus.Logger
+
+func init() {
+	log = logrus.New()
+}
+
 func main() {
 	cli.VersionPrinter = printVersion
 	app := cli.NewApp()
diff --git a/cmd/sops/subcommand/keyservice/keyservice.go b/cmd/sops/subcommand/keyservice/keyservice.go
index 69043a3d3..6e6c757b0 100644
--- a/cmd/sops/subcommand/keyservice/keyservice.go
+++ b/cmd/sops/subcommand/keyservice/keyservice.go
@@ -1,7 +1,6 @@
 package keyservice
 
 import (
-	"log"
 	"net"
 	"os"
 	"os/signal"
@@ -9,9 +8,16 @@ import (
 
 	"go.mozilla.org/sops/keyservice"
 
+	"github.com/sirupsen/logrus"
 	"google.golang.org/grpc"
 )
 
+var log *logrus.Logger
+
+func init() {
+	log = logrus.New()
+}
+
 type Opts struct {
 	Network string
 	Address string
diff --git a/example_test.go b/decrypt/example_test.go
similarity index 88%
rename from example_test.go
rename to decrypt/example_test.go
index 318260077..1a8fed3e7 100644
--- a/example_test.go
+++ b/decrypt/example_test.go
@@ -1,12 +1,17 @@
-package sops_test
+package decrypt
 
 import (
 	"encoding/json"
-	"log"
 
-	"go.mozilla.org/sops/decrypt"
+	"github.com/sirupsen/logrus"
 )
 
+var log *logrus.Logger
+
+func init() {
+	log = logrus.New()
+}
+
 type configuration struct {
 	FirstName string  `json:"firstName"`
 	LastName  string  `json:"lastName"`
@@ -30,7 +35,7 @@ func Example_DecryptFile() {
 		cfg      configuration
 		err      error
 	)
-	confData, err := decrypt.File(confPath, "json")
+	confData, err := File(confPath, "json")
 	if err != nil {
 		log.Fatalf("cleartext configuration marshalling failed with error: %v", err)
 	}
diff --git a/kms/keysource.go b/kms/keysource.go
index 243dd3b7a..784dd443d 100644
--- a/kms/keysource.go
+++ b/kms/keysource.go
@@ -8,8 +8,6 @@ import (
 	"strings"
 	"time"
 
-	"log"
-
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
@@ -17,8 +15,15 @@ import (
 	"github.com/aws/aws-sdk-go/service/kms"
 	"github.com/aws/aws-sdk-go/service/kms/kmsiface"
 	"github.com/aws/aws-sdk-go/service/sts"
+	"github.com/sirupsen/logrus"
 )
 
+var log *logrus.Logger
+
+func init() {
+	log = logrus.New()
+}
+
 // this needs to be a global var for unit tests to work (mockKMS redefines
 // it in keysource_test.go)
 var kmsSvc kmsiface.KMSAPI
diff --git a/kms/keysource_test.go b/kms/keysource_test.go
index 3c1a8dd0b..bdb1aafd0 100644
--- a/kms/keysource_test.go
+++ b/kms/keysource_test.go
@@ -6,8 +6,6 @@ import (
 	"testing/quick"
 	"time"
 
-	"log"
-
 	"github.com/aws/aws-sdk-go/service/kms"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
diff --git a/pgp/keysource.go b/pgp/keysource.go
index 1517ee5ba..83f4ec6c1 100644
--- a/pgp/keysource.go
+++ b/pgp/keysource.go
@@ -11,16 +11,21 @@ import (
 	"strings"
 	"time"
 
-	"log"
-
 	"os/exec"
 
 	"github.com/howeyc/gopass"
+	"github.com/sirupsen/logrus"
 	gpgagent "go.mozilla.org/gopgagent"
 	"golang.org/x/crypto/openpgp"
 	"golang.org/x/crypto/openpgp/armor"
 )
 
+var log *logrus.Logger
+
+func init() {
+	log = logrus.New()
+}
+
 // MasterKey is a PGP key used to securely store sops' data key by encrypting it and decrypting it
 type MasterKey struct {
 	Fingerprint  string
diff --git a/sops.go b/sops.go
index d8fea0e72..256934076 100644
--- a/sops.go
+++ b/sops.go
@@ -45,7 +45,7 @@ import (
 	"strings"
 	"time"
 
-	"log"
+	"github.com/sirupsen/logrus"
 
 	"go.mozilla.org/sops/keys"
 	"go.mozilla.org/sops/keyservice"
@@ -68,6 +68,12 @@ const MacMismatch = sopsError("MAC mismatch")
 // MetadataNotFound occurs when the input file is malformed and doesn't have sops metadata in it
 const MetadataNotFound = sopsError("sops metadata not found")
 
+var log *logrus.Logger
+
+func init() {
+	log = logrus.New()
+}
+
 // DataKeyCipher provides a way to encrypt and decrypt the data key used to encrypt and decrypt sops files, so that the data key can be stored alongside the encrypted content. A DataKeyCipher must be able to decrypt the values it encrypts.
 type DataKeyCipher interface {
 	Encrypt(value interface{}, key []byte, path string, stash interface{}) (string, error)