diff --git a/cmd/sops/main.go b/cmd/sops/main.go
index 382f46bd8..6a663ef7c 100644
--- a/cmd/sops/main.go
+++ b/cmd/sops/main.go
@@ -307,14 +307,12 @@ func getKeysources(c *cli.Context, file string) ([]sops.KeySource, error) {
 if c.String("kms") != "" {
 for _, k := range kms.MasterKeysFromArnString(c.String("kms")) {
- v := k
- kmsKeys = append(kmsKeys, &v)
+ kmsKeys = append(kmsKeys, k)
 }
 }
 if c.String("pgp") != "" {
 for _, k := range pgp.MasterKeysFromFingerprintString(c.String("pgp")) {
- v := k
- pgpKeys = append(pgpKeys, &v)
+ pgpKeys = append(pgpKeys, k)
 }
 }
 var err error
@@ -329,12 +327,10 @@ func getKeysources(c *cli.Context, file string) ([]sops.KeySource, error) {
 kmsString, pgpString, err := yaml.MasterKeyStringsForFile(file, confBytes)
 if err == nil {
 for _, k := range pgp.MasterKeysFromFingerprintString(pgpString) {
- v := k
- pgpKeys = append(pgpKeys, &v)
+ pgpKeys = append(pgpKeys, k)
 }
 for _, k := range kms.MasterKeysFromArnString(kmsString) {
- v := k
- kmsKeys = append(kmsKeys, &v)
+ kmsKeys = append(kmsKeys, k)
 }
 }
 }
diff --git a/kms/keysource.go b/kms/keysource.go
index d0fe29854..24ab74aa6 100644
--- a/kms/keysource.go
+++ b/kms/keysource.go
@@ -3,16 +3,17 @@ package kms //import "go.mozilla.org/sops/kms"
 import (
 "encoding/base64"
 "fmt"
+ "os"
+ "regexp"
+ "strings"
+ "time"
+
 "github.com/aws/aws-sdk-go/aws"
 "github.com/aws/aws-sdk-go/aws/credentials"
 "github.com/aws/aws-sdk-go/aws/session"
 "github.com/aws/aws-sdk-go/service/kms"
 "github.com/aws/aws-sdk-go/service/kms/kmsiface"
 "github.com/aws/aws-sdk-go/service/sts"
- "os"
- "regexp"
- "strings"
- "time"
 )
 var kmsSvc kmsiface.KMSAPI
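Review bot: In the second `getKeysources` hunk of cmd/sops/main.go (`@@ -329,12 +327,10 @@`), a non-nil error from `yaml.MasterKeyStringsForFile(file, confBytes)` is discarded by `if err == nil {`, so a configuration file that cannot be read or parsed contributes no keys and nothing is reported. Because this function decides which master keys will protect a file, the failure should be visible: either return it, for example `return nil, fmt.Errorf("reading key rules for %q: %v", file, err)` (assuming `fmt` is imported in this file), or, if a missing rule is an expected case, say so with a comment such as `// no matching rule is not an error; fall back to the --kms/--pgp flags`. The function continues outside the hunk, so whether an empty key list is rejected later cannot be seen from here.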
@@ -82,8 +83,8 @@ func (key *MasterKey) ToString() string {
 }
 // NewMasterKeyFromArn takes an ARN string and returns a new MasterKey for that ARN
-func NewMasterKeyFromArn(arn string) MasterKey {
- k := MasterKey{}
+func NewMasterKeyFromArn(arn string) *MasterKey {
+ k := &MasterKey{}
 arn = strings.Replace(arn, " ", "", -1)
 roleIndex := strings.Index(arn, "+arn:aws:iam::")
 if roleIndex > 0 {
@@ -97,8 +98,8 @@ func NewMasterKeyFromArn(arn string) MasterKey {
 }
 // MasterKeysFromArnString takes a comma separated list of AWS KMS ARNs and returns a slice of new MasterKeys for those ARNs
-func MasterKeysFromArnString(arn string) []MasterKey {
- var keys []MasterKey
+func MasterKeysFromArnString(arn string) []*MasterKey {
+ var keys []*MasterKey
 if arn == "" {
 return keys
 }
diff --git a/pgp/keysource.go b/pgp/keysource.go
index 28bb6c218..b52d7ddb2 100644
--- a/pgp/keysource.go
+++ b/pgp/keysource.go
@@ -4,16 +4,17 @@ import (
 "bytes"
 "encoding/hex"
 "fmt"
- "github.com/howeyc/gopass"
- gpgagent "go.mozilla.org/gopgagent"
- "golang.org/x/crypto/openpgp"
- "golang.org/x/crypto/openpgp/armor"
 "io/ioutil"
 "os"
 "os/user"
 "path"
 "strings"
 "time"
+
+ "github.com/howeyc/gopass"
+ gpgagent "go.mozilla.org/gopgagent"
+ "golang.org/x/crypto/openpgp"
+ "golang.org/x/crypto/openpgp/armor"
 )
 // MasterKey is a PGP key used to securely store sops' data key by encrypting it and decrypting it
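Review bot: In `NewMasterKeyFromArn` (kms/keysource.go, `@@ -82,8 +83,8 @@`) the role suffix is located with `strings.Index(arn, "+arn:aws:iam::")`, which matches only the `aws` partition; a role ARN written as `arn:aws-cn:iam::` or `arn:aws-us-gov:iam::` would not be split off, and the whole string would presumably be kept as the key ARN. Nothing visible here checks that the input is shaped like a KMS ARN, so such a key would fail only when it is first used. The doc comment should also describe the accepted syntax and the new return type, for example `// NewMasterKeyFromArn takes a KMS key ARN, optionally followed by "+" and an IAM role ARN, and returns a pointer to a new MasterKey.` The rest of the function body is outside the hunk, so how `roleIndex` is used afterwards is not shown.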
@@ -114,16 +115,16 @@ func (key *MasterKey) gpgHome() string {
 }
 // NewMasterKeyFromFingerprint takes a PGP fingerprint and returns a new MasterKey with that fingerprint
-func NewMasterKeyFromFingerprint(fingerprint string) MasterKey {
- return MasterKey{
+func NewMasterKeyFromFingerprint(fingerprint string) *MasterKey {
+ return &MasterKey{
 Fingerprint: strings.Replace(fingerprint, " ", "", -1),
 CreationDate: time.Now().UTC(),
 }
 }
 // MasterKeysFromFingerprintString takes a comma separated list of PGP fingerprints and returns a slice of new MasterKeys with those fingerprints
-func MasterKeysFromFingerprintString(fingerprint string) []MasterKey {
- var keys []MasterKey
+func MasterKeysFromFingerprintString(fingerprint string) []*MasterKey {
+ var keys []*MasterKey
 if fingerprint == "" {
 return keys
 }
diff --git a/sops.go b/sops.go
index eca8a5d8e..af4a9cc22 100644
--- a/sops.go
+++ b/sops.go
@@ -298,8 +298,7 @@ func (m *Metadata) AddPGPMasterKeys(pgpFps string) {
 if ks.Name == "pgp" {
 var keys []MasterKey
 for _, k := range pgp.MasterKeysFromFingerprintString(pgpFps) {
- v := k
- keys = append(keys, &v)
+ keys = append(keys, k)
 fmt.Println("Keys to add:", keys)
 }
 ks.Keys = append(ks.Keys, keys...)
@@ -314,8 +313,7 @@ func (m *Metadata) AddKMSMasterKeys(kmsArns string) {
 if ks.Name == "kms" {
 var keys []MasterKey
 for _, k := range kms.MasterKeysFromArnString(kmsArns) {
- v := k
- keys = append(keys, &v)
+ keys = append(keys, k)
 }
 ks.Keys = append(ks.Keys, keys...)
 m.KeySources[i] = ks
@@ -327,8 +325,7 @@ func (m *Metadata) AddKMSMasterKeys(kmsArns string) {
 func (m *Metadata) RemovePGPMasterKeys(pgpFps string) {
 var keys []MasterKey
 for _, k := range pgp.MasterKeysFromFingerprintString(pgpFps) {
- v := k
- keys = append(keys, &v)
+ keys = append(keys, k)
 }
 m.RemoveMasterKeys(keys)
 }
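Review bot: `NewMasterKeyFromFingerprint` (pgp/keysource.go, `@@ -114,16 +115,16 @@`) stores whatever string it is given as the fingerprint: only spaces are stripped, so a short key ID, a `0x` prefix or mixed-case hex is kept as written. Short key IDs are not unique, so anything that is not a full-length hex fingerprint should be rejected before the key is used for encryption. The constructor has no error return, so the check belongs in the caller or in a validating variant, and the doc comment should state the contract, for example `// The fingerprint is not validated here; callers must pass a full-length hex fingerprint.` How the value is later handed to GnuPG is outside this hunk.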
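Review bot: The `fmt.Println("Keys to add:", keys)` left inside the loop of `AddPGPMasterKeys` (sops.go, `@@ -298,8 +298,7 @@`) writes to stdout from library code once per key, and it prints the accumulating slice each time. If a caller also writes the encrypted or decrypted document to stdout, this debug text ends up in the same stream and can corrupt the output. Since the commit already touches this loop, the line should be removed, or replaced after the loop by a single message on the caller's logger.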
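Review bot: `RemovePGPMasterKeys` (sops.go, `@@ -327,8 +325,7 @@`) and `RemoveKMSMasterKeys` in the following hunk hand freshly constructed `*MasterKey` values to `m.RemoveMasterKeys(keys)`, so removal works only if that method matches on the key's identity (fingerprint or ARN). It cannot match on pointer equality, nor on fields such as `CreationDate`, which `NewMasterKeyFromFingerprint` sets to `time.Now().UTC()`. `RemoveMasterKeys` is not part of this diff, so this is unverified; a test that adds a key, removes it by fingerprint or ARN, and asserts it is gone from `KeySources` would pin the behaviour. A key that silently fails to be removed keeps its ability to decrypt the file, which is why the case deserves explicit coverage.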
@@ -337,8 +334,7 @@ func (m *Metadata) RemovePGPMasterKeys(pgpFps string) {
 func (m *Metadata) RemoveKMSMasterKeys(arns string) {
 var keys []MasterKey
 for _, k := range kms.MasterKeysFromArnString(arns) {
- v := k
- keys = append(keys, &v)
+ keys = append(keys, k)
 }
 m.RemoveMasterKeys(keys)
 }