diff --git a/cmd/rekor-cli/app/get.go b/cmd/rekor-cli/app/get.go
index 6a20d4cbd64f07dda0258bc97c092bf623297d47..eaeee99242c691b97702f4935a48302905acbc48 100644
--- a/cmd/rekor-cli/app/get.go
+++ b/cmd/rekor-cli/app/get.go
@@ -30,6 +30,7 @@ import (
 	"github.com/spf13/viper"
 
 	"github.com/sigstore/rekor/cmd/rekor-cli/app/format"
+	"github.com/sigstore/rekor/pkg/client"
 	"github.com/sigstore/rekor/pkg/generated/client/entries"
 	"github.com/sigstore/rekor/pkg/generated/models"
 	"github.com/sigstore/rekor/pkg/log"
@@ -70,7 +71,7 @@ var getCmd = &cobra.Command{
 		}
 	},
 	Run: format.WrapCmd(func(args []string) (interface{}, error) {
-		rekorClient, err := GetRekorClient(viper.GetString("rekor_server"))
+		rekorClient, err := client.GetRekorClient(viper.GetString("rekor_server"))
 		if err != nil {
 			return nil, err
 		}
diff --git a/cmd/rekor-cli/app/log_info.go b/cmd/rekor-cli/app/log_info.go
index e52f50976259a25432a1e602a4e1325e4a1eed44..3f57b3b1d471752717b913de1e57f447999c7c94 100644
--- a/cmd/rekor-cli/app/log_info.go
+++ b/cmd/rekor-cli/app/log_info.go
@@ -31,6 +31,7 @@ import (
 
 	"github.com/sigstore/rekor/cmd/rekor-cli/app/format"
 	"github.com/sigstore/rekor/cmd/rekor-cli/app/state"
+	"github.com/sigstore/rekor/pkg/client"
 	"github.com/sigstore/rekor/pkg/generated/client/tlog"
 	"github.com/sigstore/rekor/pkg/log"
 	"github.com/sigstore/rekor/pkg/util"
@@ -59,7 +60,7 @@ var logInfoCmd = &cobra.Command{
 	Long:  `Prints info about the transparency log`,
 	Run: format.WrapCmd(func(args []string) (interface{}, error) {
 		serverURL := viper.GetString("rekor_server")
-		rekorClient, err := GetRekorClient(serverURL)
+		rekorClient, err := client.GetRekorClient(serverURL)
 		if err != nil {
 			return nil, err
 		}
diff --git a/cmd/rekor-cli/app/log_proof.go b/cmd/rekor-cli/app/log_proof.go
index 55813cc9b829eb766c4624bc77aeddf55f3abcd2..70b753bc97318d770e5cdbf5afde7dd2f607bbc1 100644
--- a/cmd/rekor-cli/app/log_proof.go
+++ b/cmd/rekor-cli/app/log_proof.go
@@ -24,6 +24,7 @@ import (
 	"github.com/spf13/viper"
 
 	"github.com/sigstore/rekor/cmd/rekor-cli/app/format"
+	"github.com/sigstore/rekor/pkg/client"
 	"github.com/sigstore/rekor/pkg/generated/client/tlog"
 )
 
@@ -71,7 +72,7 @@ var logProofCmd = &cobra.Command{
 		return nil
 	},
 	Run: format.WrapCmd(func(args []string) (interface{}, error) {
-		rekorClient, err := GetRekorClient(viper.GetString("rekor_server"))
+		rekorClient, err := client.GetRekorClient(viper.GetString("rekor_server"))
 		if err != nil {
 			return nil, err
 		}
diff --git a/cmd/rekor-cli/app/root.go b/cmd/rekor-cli/app/root.go
index 16b349bc5d2e1fa7e4851175fa88a68f019e427a..4466edf9db50ca750c45036bec62b93eae7e67d4 100644
--- a/cmd/rekor-cli/app/root.go
+++ b/cmd/rekor-cli/app/root.go
@@ -22,16 +22,10 @@ import (
 	"os"
 	"strings"
 
-	"github.com/go-openapi/runtime"
-	httptransport "github.com/go-openapi/runtime/client"
-	"github.com/go-openapi/strfmt"
 	homedir "github.com/mitchellh/go-homedir"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
 	"github.com/spf13/viper"
-
-	"github.com/sigstore/rekor/pkg/generated/client"
-	"github.com/sigstore/rekor/pkg/util"
 )
 
 var rootCmd = &cobra.Command{
@@ -114,29 +108,6 @@ func initConfig(cmd *cobra.Command) error {
 	return nil
 }
 
-func GetRekorClient(rekorServerURL string) (*client.Rekor, error) {
-	url, err := url.Parse(rekorServerURL)
-	if err != nil {
-		return nil, err
-	}
-
-	rt := httptransport.New(url.Host, client.DefaultBasePath, []string{url.Scheme})
-	rt.Consumers["application/yaml"] = util.YamlConsumer()
-	rt.Consumers["application/x-pem-file"] = runtime.TextConsumer()
-	rt.Consumers["application/pem-certificate-chain"] = runtime.TextConsumer()
-	rt.Producers["application/yaml"] = util.YamlProducer()
-	rt.Producers["application/timestamp-query"] = runtime.ByteStreamProducer()
-	rt.Consumers["application/timestamp-reply"] = runtime.ByteStreamConsumer()
-
-	if viper.GetString("api-key") != "" {
-		rt.DefaultAuthentication = httptransport.APIKeyAuth("apiKey", "query", viper.GetString("api-key"))
-	}
-
-	registry := strfmt.Default
-	registry.Add("signedCheckpoint", &util.SignedCheckpoint{}, util.SignedCheckpointValidator)
-	return client.New(rt, registry), nil
-}
-
 type urlFlag struct {
 	url string
 }
diff --git a/cmd/rekor-cli/app/search.go b/cmd/rekor-cli/app/search.go
index d96d454900c93f691ca90c75d838b62ebe2d92a5..d39792bfbe9712a84af00cc42c93c2c5cc07cc6f 100644
--- a/cmd/rekor-cli/app/search.go
+++ b/cmd/rekor-cli/app/search.go
@@ -32,6 +32,7 @@ import (
 	"github.com/spf13/viper"
 
 	"github.com/sigstore/rekor/cmd/rekor-cli/app/format"
+	"github.com/sigstore/rekor/pkg/client"
 	"github.com/sigstore/rekor/pkg/generated/client/index"
 	"github.com/sigstore/rekor/pkg/generated/models"
 	"github.com/sigstore/rekor/pkg/log"
@@ -70,7 +71,7 @@ var searchCmd = &cobra.Command{
 	},
 	Run: format.WrapCmd(func(args []string) (interface{}, error) {
 		log := log.Logger
-		rekorClient, err := GetRekorClient(viper.GetString("rekor_server"))
+		rekorClient, err := client.GetRekorClient(viper.GetString("rekor_server"))
 		if err != nil {
 			return nil, err
 		}
diff --git a/cmd/rekor-cli/app/timestamp.go b/cmd/rekor-cli/app/timestamp.go
index d6fda0849e35d71b25e47f08fa2278ab32269a66..c3a3f53f33f0a5971db8dc787e4df9e71ae69e54 100644
--- a/cmd/rekor-cli/app/timestamp.go
+++ b/cmd/rekor-cli/app/timestamp.go
@@ -32,6 +32,7 @@ import (
 	"github.com/sassoftware/relic/lib/pkcs9"
 	"github.com/sassoftware/relic/lib/x509tools"
 	"github.com/sigstore/rekor/cmd/rekor-cli/app/format"
+	"github.com/sigstore/rekor/pkg/client"
 	"github.com/sigstore/rekor/pkg/generated/client/timestamp"
 	"github.com/sigstore/rekor/pkg/log"
 	"github.com/sigstore/rekor/pkg/util"
@@ -202,7 +203,7 @@ var timestampCmd = &cobra.Command{
 		return nil
 	},
 	Run: format.WrapCmd(func(args []string) (interface{}, error) {
-		rekorClient, err := GetRekorClient(viper.GetString("rekor_server"))
+		rekorClient, err := client.GetRekorClient(viper.GetString("rekor_server"))
 		if err != nil {
 			return nil, err
 		}
diff --git a/cmd/rekor-cli/app/upload.go b/cmd/rekor-cli/app/upload.go
index 4a1bc9439f5376b38428df839e3236d405064758..682fd04ac861131d180bd231f51532d15f3c51f7 100644
--- a/cmd/rekor-cli/app/upload.go
+++ b/cmd/rekor-cli/app/upload.go
@@ -29,7 +29,8 @@ import (
 
 	"github.com/pkg/errors"
 	"github.com/sigstore/rekor/cmd/rekor-cli/app/format"
-	"github.com/sigstore/rekor/pkg/generated/client"
+	"github.com/sigstore/rekor/pkg/client"
+	genclient "github.com/sigstore/rekor/pkg/generated/client"
 	"github.com/sigstore/rekor/pkg/generated/client/entries"
 	"github.com/sigstore/rekor/pkg/generated/models"
 	"github.com/sigstore/rekor/pkg/log"
@@ -67,7 +68,7 @@ var uploadCmd = &cobra.Command{
 	Long: `This command takes the public key, signature and URL of the release artifact and uploads it to the rekor server.`,
 	Run: format.WrapCmd(func(args []string) (interface{}, error) {
 		ctx := context.Background()
-		rekorClient, err := GetRekorClient(viper.GetString("rekor_server"))
+		rekorClient, err := client.GetRekorClient(viper.GetString("rekor_server"))
 		if err != nil {
 			return nil, err
 		}
@@ -143,7 +144,7 @@ var uploadCmd = &cobra.Command{
 	}),
 }
 
-func verifyLogEntry(ctx context.Context, rekorClient *client.Rekor, logEntry models.LogEntryAnon) (bool, error) {
+func verifyLogEntry(ctx context.Context, rekorClient *genclient.Rekor, logEntry models.LogEntryAnon) (bool, error) {
 	if logEntry.Verification == nil {
 		return false, nil
 	}
diff --git a/cmd/rekor-cli/app/verify.go b/cmd/rekor-cli/app/verify.go
index 1c7728c204201cacc6c64a6ff4a6b59c8a1ef264..e661ae5495ef98786efeaa2748aae5c497ce1b8f 100644
--- a/cmd/rekor-cli/app/verify.go
+++ b/cmd/rekor-cli/app/verify.go
@@ -28,6 +28,7 @@ import (
 	"github.com/spf13/viper"
 
 	"github.com/sigstore/rekor/cmd/rekor-cli/app/format"
+	"github.com/sigstore/rekor/pkg/client"
 	"github.com/sigstore/rekor/pkg/generated/client/entries"
 	"github.com/sigstore/rekor/pkg/generated/models"
 	"github.com/sigstore/rekor/pkg/log"
@@ -84,7 +85,7 @@ var verifyCmd = &cobra.Command{
 		return nil
 	},
 	Run: format.WrapCmd(func(args []string) (interface{}, error) {
-		rekorClient, err := GetRekorClient(viper.GetString("rekor_server"))
+		rekorClient, err := client.GetRekorClient(viper.GetString("rekor_server"))
 		if err != nil {
 			return nil, err
 		}
diff --git a/cmd/rekor-server/app/watch.go b/cmd/rekor-server/app/watch.go
index 1278cbd38878df1a4d114f5a22ca40e8438bc339..f8e0fb1dfa24729973b207d948348091f45789c4 100644
--- a/cmd/rekor-server/app/watch.go
+++ b/cmd/rekor-server/app/watch.go
@@ -34,8 +34,8 @@ import (
 	"github.com/spf13/viper"
 	"gocloud.dev/blob"
 
-	"github.com/sigstore/rekor/cmd/rekor-cli/app"
-	"github.com/sigstore/rekor/pkg/generated/client"
+	"github.com/sigstore/rekor/pkg/client"
+	genclient "github.com/sigstore/rekor/pkg/generated/client"
 	"github.com/sigstore/rekor/pkg/log"
 	"github.com/sigstore/rekor/pkg/util"
 )
@@ -66,7 +66,7 @@ var watchCmd = &cobra.Command{
 		port := viper.GetUint("rekor_server.port")
 		interval := viper.GetDuration("interval")
 		url := fmt.Sprintf("http://%s:%d", host, port)
-		c, err := app.GetRekorClient(url)
+		c, err := client.GetRekorClient(url)
 		if err != nil {
 			return err
 		}
@@ -129,7 +129,7 @@ func init() {
 	rootCmd.AddCommand(watchCmd)
 }
 
-func doCheck(c *client.Rekor, pub crypto.PublicKey) (*SignedAndUnsignedLogRoot, error) {
+func doCheck(c *genclient.Rekor, pub crypto.PublicKey) (*SignedAndUnsignedLogRoot, error) {
 	li, err := c.Tlog.GetLogInfo(nil)
 	if err != nil {
 		return nil, errors.Wrap(err, "getting log info")
diff --git a/pkg/client/rekor_client.go b/pkg/client/rekor_client.go
new file mode 100644
index 0000000000000000000000000000000000000000..07653d497409427e77f0464be94710a00933fb9b
--- /dev/null
+++ b/pkg/client/rekor_client.go
@@ -0,0 +1,49 @@
+// Copyright 2021 The Sigstore Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package client
+
+import (
+	"net/url"
+
+	"github.com/go-openapi/runtime"
+	httptransport "github.com/go-openapi/runtime/client"
+	"github.com/go-openapi/strfmt"
+	"github.com/sigstore/rekor/pkg/generated/client"
+	"github.com/sigstore/rekor/pkg/util"
+	"github.com/spf13/viper"
+)
+
+func GetRekorClient(rekorServerURL string) (*client.Rekor, error) {
+	url, err := url.Parse(rekorServerURL)
+	if err != nil {
+		return nil, err
+	}
+
+	rt := httptransport.New(url.Host, client.DefaultBasePath, []string{url.Scheme})
+	rt.Consumers["application/yaml"] = YamlConsumer()
+	rt.Consumers["application/x-pem-file"] = runtime.TextConsumer()
+	rt.Consumers["application/pem-certificate-chain"] = runtime.TextConsumer()
+	rt.Producers["application/yaml"] = YamlProducer()
+	rt.Producers["application/timestamp-query"] = runtime.ByteStreamProducer()
+	rt.Consumers["application/timestamp-reply"] = runtime.ByteStreamConsumer()
+
+	if viper.GetString("api-key") != "" {
+		rt.DefaultAuthentication = httptransport.APIKeyAuth("apiKey", "query", viper.GetString("api-key"))
+	}
+
+	registry := strfmt.Default
+	registry.Add("signedCheckpoint", &util.SignedCheckpoint{}, util.SignedCheckpointValidator)
+	return client.New(rt, registry), nil
+}
diff --git a/cmd/rekor-cli/app/root_test.go b/pkg/client/rekor_client_test.go
similarity index 99%
rename from cmd/rekor-cli/app/root_test.go
rename to pkg/client/rekor_client_test.go
index 78941c01e4d6f3778617eb5d2922942f9a2f195a..3fcfb2831b15fd554e5cc768b1f8c6523ec0ea02 100644
--- a/cmd/rekor-cli/app/root_test.go
+++ b/pkg/client/rekor_client_test.go
@@ -13,7 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package app
+package client
 
 import (
 	"net/http"
diff --git a/pkg/util/yaml.go b/pkg/client/yaml.go
similarity index 98%
rename from pkg/util/yaml.go
rename to pkg/client/yaml.go
index c3df27ab9fafb33489b868c550829ca19adb110e..e738cf9f44f6ed87eb7d9b66bb721c5968117397 100644
--- a/pkg/util/yaml.go
+++ b/pkg/client/yaml.go
@@ -13,7 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package util
+package client
 
 import (
 	"bytes"
diff --git a/pkg/generated/restapi/configure_rekor_server.go b/pkg/generated/restapi/configure_rekor_server.go
index 262d71e07221b47e2e9bc8b768eb0a6622ca4225..c97ef62418d68b56d195a01973d935c1b96483a2 100644
--- a/pkg/generated/restapi/configure_rekor_server.go
+++ b/pkg/generated/restapi/configure_rekor_server.go
@@ -31,6 +31,7 @@ import (
 	"github.com/spf13/viper"
 
 	pkgapi "github.com/sigstore/rekor/pkg/api"
+	"github.com/sigstore/rekor/pkg/client"
 	"github.com/sigstore/rekor/pkg/generated/restapi/operations"
 	"github.com/sigstore/rekor/pkg/generated/restapi/operations/entries"
 	"github.com/sigstore/rekor/pkg/generated/restapi/operations/index"
@@ -67,8 +68,8 @@ func configureAPI(api *operations.RekorServerAPI) http.Handler {
 	api.JSONConsumer = runtime.JSONConsumer()
 	api.JSONProducer = runtime.JSONProducer()
 
-	api.YamlConsumer = util.YamlConsumer()
-	api.YamlProducer = util.YamlProducer()
+	api.YamlConsumer = client.YamlConsumer()
+	api.YamlProducer = client.YamlProducer()
 
 	api.ApplicationXPemFileProducer = runtime.TextProducer()
 	api.ApplicationPemCertificateChainProducer = runtime.TextProducer()
diff --git a/tests/e2e_test.go b/tests/e2e_test.go
index 1126929f08830d78f9996a96f8a9eb9309156ba9..7d09c8b9a717f367206d055e7cd459282806344a 100644
--- a/tests/e2e_test.go
+++ b/tests/e2e_test.go
@@ -43,8 +43,8 @@ import (
 	"github.com/google/go-cmp/cmp"
 	"github.com/in-toto/in-toto-golang/in_toto"
 	"github.com/in-toto/in-toto-golang/pkg/ssl"
-	"github.com/sigstore/rekor/cmd/rekor-cli/app"
-	"github.com/sigstore/rekor/pkg/generated/client"
+	"github.com/sigstore/rekor/pkg/client"
+	genclient "github.com/sigstore/rekor/pkg/generated/client"
 	"github.com/sigstore/rekor/pkg/generated/client/entries"
 	"github.com/sigstore/rekor/pkg/generated/client/timestamp"
 	"github.com/sigstore/rekor/pkg/generated/models"
@@ -568,7 +568,7 @@ func TestSignedEntryTimestamp(t *testing.T) {
 	})
 
 	// submit our newly signed payload to rekor
-	rekorClient, err := app.GetRekorClient("http://localhost:3000")
+	rekorClient, err := client.GetRekorClient("http://localhost:3000")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -639,7 +639,7 @@ func TestTimestampResponseCLI(t *testing.T) {
 	out := runCli(t, "timestamp", "--artifact", filePath, "--out", responsePath)
 	outputContains(t, out, "Wrote timestamp response to")
 
-	rekorClient, err := app.GetRekorClient("http://localhost:3000")
+	rekorClient, err := client.GetRekorClient("http://localhost:3000")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -696,7 +696,7 @@ func TestGetNonExistantUUID(t *testing.T) {
 	outputContains(t, out, "404")
 }
 
-func rekorTimestampCertChain(t *testing.T, ctx context.Context, c *client.Rekor) []*x509.Certificate {
+func rekorTimestampCertChain(t *testing.T, ctx context.Context, c *genclient.Rekor) []*x509.Certificate {
 	resp, err := c.Timestamp.GetTimestampCertChain(&timestamp.GetTimestampCertChainParams{Context: ctx})
 	if err != nil {
 		t.Fatal(err)