diff --git a/.golangci.yml b/.golangci.yml
index 6d0a4c173..a1b6dd411 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -3,15 +3,13 @@ linters:
   default: none
   enable:
     # Defaults:
+    - errcheck
     - govet
     - ineffassign
     - unused
     # Extra:
     - asciicheck
     - bidichk
-  disable:
-    # Scott L: currently these produce errors that need to be fixed in a seprate PR
-    - errcheck
     - depguard
     - staticcheck
 
diff --git a/plugins/aws/sts_provisioner.go b/plugins/aws/sts_provisioner.go
index b2181ed1a..12f9da0a9 100644
--- a/plugins/aws/sts_provisioner.go
+++ b/plugins/aws/sts_provisioner.go
@@ -271,7 +271,7 @@ func (p assumeRoleProvider) Retrieve(ctx context.Context) (aws.Credentials, erro
 		return aws.Credentials{}, err
 	}
 
-	err = p.stsCacheWriter.Put(credentials)
+	err = p.Put(credentials)
 	if err != nil {
 		return aws.Credentials{}, err
 	}
@@ -308,7 +308,7 @@ func (p mfaSessionTokenProvider) Retrieve(ctx context.Context) (aws.Credentials,
 		return aws.Credentials{}, err
 	}
 
-	err = p.stsCacheWriter.Put(credentials)
+	err = p.Put(credentials)
 	if err != nil {
 		return aws.Credentials{}, err
 	}
diff --git a/plugins/readme/api_key.go b/plugins/readme/api_key.go
index 868e28d10..99df653b2 100644
--- a/plugins/readme/api_key.go
+++ b/plugins/readme/api_key.go
@@ -66,7 +66,7 @@ func TryReadMeConfigFile() sdk.Importer {
 			return
 		}
 
-		var website string = "https://dash.readme.com/go/" + config.Subdomain
+		var website = "https://dash.readme.com/go/" + config.Subdomain
 
 		out.AddCandidate(sdk.ImportCandidate{
 			NameHint: config.Subdomain,
diff --git a/sdk/plugintest/example_secrets.go b/sdk/plugintest/example_secrets.go
index 315648767..7b2f3256a 100644
--- a/sdk/plugintest/example_secrets.go
+++ b/sdk/plugintest/example_secrets.go
@@ -1,11 +1,11 @@
 package plugintest
 
 import (
+	"crypto/rand"
 	"fmt"
 	"log"
-	"math/rand"
+	"math/big"
 	"strings"
-	"time"
 
 	"github.com/1Password/shell-plugins/sdk/schema"
 )
@@ -18,9 +18,6 @@ const (
 	secretExampleSuffix = "EXAMPLE"
 )
 
-var seededRand = rand.New(
-	rand.NewSource(time.Now().UnixNano()))
-
 func ExampleSecretFromComposition(v schema.ValueComposition) string {
 	prefix := getPrefix(v)
 	suffix := getSuffix(v)
@@ -65,10 +62,14 @@ func stringFromCharset(length int, charset string) (string, error) {
 	if charset == "" {
 		return "", fmt.Errorf("invalid charset provided")
 	}
-
+	max := big.NewInt(int64(len(charset)))
 	b := make([]byte, length)
 	for i := range b {
-		b[i] = charset[seededRand.Intn(len(charset))]
+		n, err := rand.Int(rand.Reader, max)
+		if err != nil {
+			return "", fmt.Errorf("reading random: %w", err)
+		}
+		b[i] = charset[n.Int64()]
 	}
 	return string(b), nil
 }
diff --git a/sdk/plugintest/validation_report.go b/sdk/plugintest/validation_report.go
index ccb870b8c..5ede36c6d 100644
--- a/sdk/plugintest/validation_report.go
+++ b/sdk/plugintest/validation_report.go
@@ -59,7 +59,7 @@ type ValidationReportPrinter struct {
 }
 
 func (p *ValidationReportPrinter) Print() {
-	if p.Reports == nil || len(p.Reports) == 0 {
+	if len(p.Reports) == 0 {
 		color.Cyan("No reports to print")
 		return
 	}
@@ -108,19 +108,19 @@ func (p *ValidationReportPrinter) printChecks(checks []schema.ValidationCheck) {
 }
 
 func (p *ValidationReportPrinter) printHeading(heading string) {
-	p.Format.Heading.Printf("# %s\n\n", heading)
+	_, _ = p.Format.Heading.Printf("# %s\n\n", heading)
 }
 
 func (p *ValidationReportPrinter) printCheck(check schema.ValidationCheck) {
 	if check.Assertion {
-		p.Format.Success.Printf("✔ %s\n", check.Description)
+		_, _ = p.Format.Success.Printf("✔ %s\n", check.Description)
 		return
 	}
 
 	if check.Severity == schema.ValidationSeverityWarning {
-		p.Format.Warning.Printf("⚠ %s\n", check.Description)
+		_, _ = p.Format.Warning.Printf("⚠ %s\n", check.Description)
 		return
 	}
 
-	p.Format.Error.Printf("✘ %s\n", check.Description)
+	_, _ = p.Format.Error.Printf("✘ %s\n", check.Description)
 }
diff --git a/sdk/rpc/server/server.go b/sdk/rpc/server/server.go
index e2794bec1..de24ac027 100644
--- a/sdk/rpc/server/server.go
+++ b/sdk/rpc/server/server.go
@@ -107,7 +107,7 @@ func (t *RPCServer) ExecutableNeedsAuth(req proto.ExecutableNeedsAuthRequest, re
 	needsAuth, ok := t.needsAuth[req.ExecutableID]
 	if !ok || needsAuth == nil {
 		return &errFunctionFieldNotSet{
-			objName:  req.ExecutableID.String(),
+			objName:  req.String(),
 			funcName: "NeedsAuth",
 		}
 	}
@@ -134,7 +134,7 @@ func (t *RPCServer) CredentialImport(req proto.ImportCredentialRequest, resp *sd
 	importer, ok := t.importers[req.CredentialID]
 	if !ok || importer == nil {
 		return &errFunctionFieldNotSet{
-			objName:  req.CredentialID.String(),
+			objName:  req.String(),
 			funcName: "Importer",
 		}
 	}
diff --git a/sdk/schema/executable.go b/sdk/schema/executable.go
index eaf0964ab..2f3858289 100644
--- a/sdk/schema/executable.go
+++ b/sdk/schema/executable.go
@@ -130,7 +130,7 @@ func (c CredentialUsage) Validate() (bool, ValidationReport) {
 
 	report.AddCheck(ValidationCheck{
 		Description: "Credential usage has either a credential reference or selection defined, but not both",
-		Assertion:   (c.SelectFrom != nil || c.Name != "") && !(c.SelectFrom != nil && c.Name != ""),
+		Assertion:   (c.SelectFrom != nil || c.Name != "") && (c.SelectFrom == nil || c.Name == ""),
 		Severity:    ValidationSeverityError,
 	})
 	return report.IsValid(), report