diff --git a/internal/cmd/base/base.go b/internal/cmd/base/base.go
index 87ea1e6ea6..83cb69dd28 100644
--- a/internal/cmd/base/base.go
+++ b/internal/cmd/base/base.go
@@ -11,6 +11,7 @@ import (
 	"strings"
 	"sync"
 
+	"github.com/hashicorp/watchtower/api"
 	"github.com/mitchellh/cli"
 	"github.com/posener/complete"
 )
@@ -77,7 +78,7 @@ func (c *Command) FlagSet(bit FlagSetBit) *FlagSets {
 			addrStringVar := &StringVar{
 				Name:       FlagNameAddress,
 				Target:     &c.Address,
-				EnvVar:     EnvWatchtowerAddress,
+				EnvVar:     api.EnvWatchtowerAddress,
 				Completion: complete.PredictAnything,
 				Usage:      "Address of the Watchtower controller.",
 			}
@@ -92,7 +93,7 @@ func (c *Command) FlagSet(bit FlagSetBit) *FlagSets {
 				Name:       FlagNameCACert,
 				Target:     &c.flagCACert,
 				Default:    "",
-				EnvVar:     EnvWatchtowerCACert,
+				EnvVar:     api.EnvWatchtowerCACert,
 				Completion: complete.PredictFiles("*"),
 				Usage: "Path on the local disk to a single PEM-encoded CA " +
 					"certificate to verify the Controller or Worker's server's SSL certificate. This " +
@@ -103,7 +104,7 @@ func (c *Command) FlagSet(bit FlagSetBit) *FlagSets {
 				Name:       FlagNameCAPath,
 				Target:     &c.flagCAPath,
 				Default:    "",
-				EnvVar:     EnvWatchtowerCAPath,
+				EnvVar:     api.EnvWatchtowerCAPath,
 				Completion: complete.PredictDirs("*"),
 				Usage: "Path on the local disk to a directory of PEM-encoded CA " +
 					"certificates to verify the SSL certificate of the Controller.",
@@ -113,7 +114,7 @@ func (c *Command) FlagSet(bit FlagSetBit) *FlagSets {
 				Name:       FlagNameClientCert,
 				Target:     &c.flagClientCert,
 				Default:    "",
-				EnvVar:     EnvWatchtowerClientCert,
+				EnvVar:     api.EnvWatchtowerClientCert,
 				Completion: complete.PredictFiles("*"),
 				Usage: "Path on the local disk to a single PEM-encoded CA " +
 					"certificate to use for TLS authentication to the Watchtower Controller. If " +
@@ -124,7 +125,7 @@ func (c *Command) FlagSet(bit FlagSetBit) *FlagSets {
 				Name:       FlagNameClientKey,
 				Target:     &c.flagClientKey,
 				Default:    "",
-				EnvVar:     EnvWatchtowerClientKey,
+				EnvVar:     api.EnvWatchtowerClientKey,
 				Completion: complete.PredictFiles("*"),
 				Usage: "Path on the local disk to a single PEM-encoded private key " +
 					"matching the client certificate from -client-cert.",
@@ -134,7 +135,7 @@ func (c *Command) FlagSet(bit FlagSetBit) *FlagSets {
 				Name:       FlagTLSServerName,
 				Target:     &c.flagTLSServerName,
 				Default:    "",
-				EnvVar:     EnvWatchtowerTLSServerName,
+				EnvVar:     api.EnvWatchtowerTLSServerName,
 				Completion: complete.PredictAnything,
 				Usage: "Name to use as the SNI host when connecting to the Watchtower " +
 					"server via TLS.",
@@ -144,7 +145,7 @@ func (c *Command) FlagSet(bit FlagSetBit) *FlagSets {
 				Name:    FlagNameTLSInsecure,
 				Target:  &c.flagTLSInsecure,
 				Default: false,
-				EnvVar:  EnvWatchtowerTLSInsecure,
+				EnvVar:  api.EnvWatchtowerTLSInsecure,
 				Usage: "Disable verification of TLS certificates. Using this option " +
 					"is highly discouraged as it decreases the security of data " +
 					"transmissions to and from the Watchtower server.",
diff --git a/internal/servers/controller/handler.go b/internal/servers/controller/handler.go
index 40c4195518..ed6efbdda0 100644
--- a/internal/servers/controller/handler.go
+++ b/internal/servers/controller/handler.go
@@ -8,7 +8,7 @@ import (
 	"github.com/grpc-ecosystem/grpc-gateway/runtime"
 	"github.com/hashicorp/vault/internalshared/configutil"
 	"github.com/hashicorp/watchtower/globals"
-	"github.com/hashicorp/watchtower/internal/gen/controller/api"
+	"github.com/hashicorp/watchtower/internal/gen/controller/api/services"
 	"github.com/hashicorp/watchtower/internal/servers/controller/handlers/host_catalogs"
 	"github.com/hashicorp/watchtower/internal/servers/controller/handlers/host_sets"
 	"github.com/hashicorp/watchtower/internal/servers/controller/handlers/hosts"
@@ -18,7 +18,7 @@ type HandlerProperties struct {
 	ListenerConfig *configutil.Listener
 }
 
-// Handler returns an http.Handler for the API. This can be used on
+// Handler returns an http.Handler for the services. This can be used on
 // its own to mount the Vault API within another web server.
 func Handler(props HandlerProperties) http.Handler {
 	// Create the muxer to handle the actual endpoints
@@ -34,9 +34,9 @@ func Handler(props HandlerProperties) http.Handler {
 func handleGrpcGateway() http.Handler {
 	ignored := context.Background()
 	mux := runtime.NewServeMux()
-	api.RegisterHostCatalogServiceHandlerServer(ignored, mux, &host_catalogs.Service{})
-	api.RegisterHostSetServiceHandlerServer(ignored, mux, &host_sets.Service{})
-	api.RegisterHostServiceHandlerServer(ignored, mux, &hosts.Service{})
+	services.RegisterHostCatalogServiceHandlerServer(ignored, mux, &host_catalogs.Service{})
+	services.RegisterHostSetServiceHandlerServer(ignored, mux, &host_sets.Service{})
+	services.RegisterHostServiceHandlerServer(ignored, mux, &hosts.Service{})
 
 	return mux
 }
diff --git a/internal/servers/controller/handlers/host_catalogs/host_catalogs_service.go b/internal/servers/controller/handlers/host_catalogs/host_catalogs_service.go
index 3273c92541..92a20f0376 100644
--- a/internal/servers/controller/handlers/host_catalogs/host_catalogs_service.go
+++ b/internal/servers/controller/handlers/host_catalogs/host_catalogs_service.go
@@ -3,21 +3,21 @@ package host_catalogs
 import (
 	"context"
 
-	"github.com/hashicorp/watchtower/internal/gen/controller/api"
+	"github.com/hashicorp/watchtower/internal/gen/controller/api/services"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
 
 type Service struct {
-	*api.UnimplementedHostCatalogServiceServer
+	*services.UnimplementedHostCatalogServiceServer
 }
 
-func (s Service) ListHostCatalogs(ctx context.Context, req *api.ListHostCatalogsRequest) (*api.ListHostCatalogsResponse, error) {
+func (s Service) ListHostCatalogs(ctx context.Context, req *services.ListHostCatalogsRequest) (*services.ListHostCatalogsResponse, error) {
 	return nil, status.Errorf(codes.NotFound, "Org %q not found", req.OrgId)
 }
 
-func (s Service) DeleteHostCatalog(ctx context.Context, req *api.DeleteHostCatalogRequest) (*api.DeleteHostCatalogResponse, error) {
-	return &api.DeleteHostCatalogResponse{Existed: false}, nil
+func (s Service) DeleteHostCatalog(ctx context.Context, req *services.DeleteHostCatalogRequest) (*services.DeleteHostCatalogResponse, error) {
+	return &services.DeleteHostCatalogResponse{Existed: false}, nil
 }
 
-var _ api.HostCatalogServiceServer = &Service{}
+var _ services.HostCatalogServiceServer = &Service{}
diff --git a/internal/servers/controller/handlers/host_sets/host_set_service.go b/internal/servers/controller/handlers/host_sets/host_set_service.go
index 13220363fd..58515f0b31 100644
--- a/internal/servers/controller/handlers/host_sets/host_set_service.go
+++ b/internal/servers/controller/handlers/host_sets/host_set_service.go
@@ -3,21 +3,21 @@ package host_sets
 import (
 	"context"
 
-	"github.com/hashicorp/watchtower/internal/gen/controller/api"
+	"github.com/hashicorp/watchtower/internal/gen/controller/api/services"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
 
 type Service struct {
-	*api.UnimplementedHostSetServiceServer
+	*services.UnimplementedHostSetServiceServer
 }
 
-func (s Service) ListHostSets(ctx context.Context, req *api.ListHostSetsRequest) (*api.ListHostSetsResponse, error) {
+func (s Service) ListHostSets(ctx context.Context, req *services.ListHostSetsRequest) (*services.ListHostSetsResponse, error) {
 	return nil, status.Errorf(codes.NotFound, "Org %q not found", req.OrgId)
 }
 
-func (s Service) DeleteHostSet(context.Context, *api.DeleteHostSetRequest) (*api.DeleteHostSetResponse, error) {
-	return &api.DeleteHostSetResponse{Existed: false}, nil
+func (s Service) DeleteHostSet(context.Context, *services.DeleteHostSetRequest) (*services.DeleteHostSetResponse, error) {
+	return &services.DeleteHostSetResponse{Existed: false}, nil
 }
 
-var _ api.HostSetServiceServer = &Service{}
+var _ services.HostSetServiceServer = &Service{}
diff --git a/internal/servers/controller/handlers/hosts/host_service.go b/internal/servers/controller/handlers/hosts/host_service.go
index e7aee5f4e8..2e3f768678 100644
--- a/internal/servers/controller/handlers/hosts/host_service.go
+++ b/internal/servers/controller/handlers/hosts/host_service.go
@@ -3,21 +3,21 @@ package hosts
 import (
 	"context"
 
-	"github.com/hashicorp/watchtower/internal/gen/controller/api"
+	"github.com/hashicorp/watchtower/internal/gen/controller/api/services"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
 
 type Service struct {
-	*api.UnimplementedHostServiceServer
+	*services.UnimplementedHostServiceServer
 }
 
-func (s Service) ListHosts(ctx context.Context, req *api.ListHostsRequest) (*api.ListHostsResponse, error) {
+func (s Service) ListHosts(ctx context.Context, req *services.ListHostsRequest) (*services.ListHostsResponse, error) {
 	return nil, status.Errorf(codes.NotFound, "Org %q not found", req.OrgId)
 }
 
-func (s Service) DeleteHost(context.Context, *api.DeleteHostRequest) (*api.DeleteHostResponse, error) {
-	return &api.DeleteHostResponse{}, nil
+func (s Service) DeleteHost(context.Context, *services.DeleteHostRequest) (*services.DeleteHostResponse, error) {
+	return &services.DeleteHostResponse{}, nil
 }
 
-var _ api.HostServiceServer = &Service{}
+var _ services.HostServiceServer = &Service{}