diff --git a/cmd/controller/main.go b/cmd/controller/main.go
index 9fe21748ed..07cf269fcb 100644
--- a/cmd/controller/main.go
+++ b/cmd/controller/main.go
@@ -4,7 +4,7 @@ import (
 	goflag "flag"
 	"fmt"
 	"io"
-	"log"
+	"log/slog"
 	"os"
 	"time"
 
@@ -12,6 +12,7 @@ import (
 
 	"github.com/bitnami-labs/sealed-secrets/pkg/controller"
 	"github.com/bitnami-labs/sealed-secrets/pkg/flagenv"
+	"github.com/bitnami-labs/sealed-secrets/pkg/log"
 	"github.com/bitnami-labs/sealed-secrets/pkg/pflagenv"
 
 	ssv1alpha1 "github.com/bitnami-labs/sealed-secrets/pkg/apis/sealedsecrets/v1alpha1"
@@ -52,8 +53,8 @@ func bindControllerFlags(f *controller.Flags, fs *flag.FlagSet) {
 	fs.BoolVar(&f.SkipRecreate, "skip-recreate", false, "if true the controller will skip listening for managed secret changes to recreate them. This helps on limited permission environments.")
 
 	fs.BoolVar(&f.LogInfoToStdout, "log-info-stdout", false, "if true the controller will log info to stdout.")
-	fs.StringVar(&f.LogLevel, "log-level", "INFO", "Log level (DEBUG|INFO|WARN|ERROR).")
-	fs.StringVar(&f.LogLevel, "log-format", "text", "Log format (text|json).")
+	fs.StringVar(&f.LogLevel, "log-level", "INFO", "Log level (INFO|ERROR).")
+	fs.StringVar(&f.LogFormat, "log-format", "text", "Log format (text|json).")
 
 	fs.DurationVar(&f.KeyRenewPeriod, "rotate-period", defaultKeyRenewPeriod, "")
 	_ = fs.MarkDeprecated("rotate-period", "please use key-renew-period instead")
@@ -87,14 +88,26 @@ func mainE(w io.Writer, fs *flag.FlagSet, gofs *goflag.FlagSet, args []string) e
 		return err
 	}
 
+	// Set logging
+	logLevel := slog.Level(0)
+	logLevel.UnmarshalText([]byte(flags.LogLevel))
+	opts := &slog.HandlerOptions{
+		Level: logLevel,
+	}
+	if flags.LogInfoToStdout {
+		slog.SetDefault(slog.New(log.New(os.Stdout, os.Stderr, flags.LogFormat, opts)))
+	} else {
+		slog.SetDefault(slog.New(log.New(os.Stderr, os.Stderr, flags.LogFormat, opts)))
+	}
+
 	ssv1alpha1.AcceptDeprecatedV1Data = flags.AcceptV1Data
 
-	fmt.Fprintf(w, "controller version: %s\n", VERSION)
+	slog.Info("controller version", "version", VERSION)
 	if printVersion {
 		return nil
 	}
 
-	log.Printf("Starting sealed-secrets controller version: %s\n", VERSION)
+	slog.Info("Starting sealed-secrets controller", "version", VERSION)
 	if err := controller.Main(&flags, VERSION); err != nil {
 		panic(err)
 	}
diff --git a/helm/sealed-secrets/README.md b/helm/sealed-secrets/README.md
index 6211b23d34..1749986367 100644
--- a/helm/sealed-secrets/README.md
+++ b/helm/sealed-secrets/README.md
@@ -101,7 +101,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `privateKeyAnnotations`                           | Map of annotations to be set on the sealing keypairs                                                  | `{}`                                |
 | `privateKeyLabels`                                | Map of labels to be set on the sealing keypairs                                                       | `{}`                                |
 | `logInfoStdout`                                   | Specifies whether the Sealed Secrets controller will log info to stdout                               | `false`                             |
-| `logLevel`                                   | Specifies log level of controller (DEBUG,INFO,WARN,ERROR)                               | `""`                             |
+| `logLevel`                                   | Specifies log level of controller (INFO,ERROR)                               | `""`                             |
 | `logFormat`                                   | Specifies log format (text,json)                               | `""`                             |
 | `command`                                         | Override default container command                                                                    | `[]`                                |
 | `args`                                            | Override default container args                                                                       | `[]`                                |
diff --git a/helm/sealed-secrets/values.yaml b/helm/sealed-secrets/values.yaml
index 0ed5956ede..c7aed265c2 100644
--- a/helm/sealed-secrets/values.yaml
+++ b/helm/sealed-secrets/values.yaml
@@ -94,7 +94,7 @@ privateKeyLabels: {}
 ## @param logInfoStdout Specifies whether the Sealed Secrets controller will log info to stdout
 ##
 logInfoStdout: false
-## @param logLevel Specifies log level of controller (DEBUG,INFO,WARN,ERROR)
+## @param logLevel Specifies log level of controller (INFO,ERROR)
 ##
 logLevel: ""
 ## @param logFormat Specifies log format (text,json)
diff --git a/pkg/controller/controller.go b/pkg/controller/controller.go
index d96bb8e1be..1adc16bb4b 100644
--- a/pkg/controller/controller.go
+++ b/pkg/controller/controller.go
@@ -287,7 +287,7 @@ func (c *Controller) unseal(ctx context.Context, key string) (unsealErr error) {
 	unsealRequestsTotal.Inc()
 	obj, exists, err := c.ssInformer.GetIndexer().GetByKey(key)
 	if err != nil {
-		slog.Error("Error fetching object  from store", "key", key, "error", err)
+		slog.Error("Error fetching object from store", "key", key, "error", err)
 		unsealErrorsTotal.WithLabelValues("fetch", "").Inc()
 		return err
 	}
diff --git a/pkg/controller/main.go b/pkg/controller/main.go
index 0b754dbc14..469cd45db1 100644
--- a/pkg/controller/main.go
+++ b/pkg/controller/main.go
@@ -26,7 +26,6 @@ import (
 	"github.com/bitnami-labs/sealed-secrets/pkg/client/clientset/versioned"
 	sealedsecrets "github.com/bitnami-labs/sealed-secrets/pkg/client/clientset/versioned"
 	ssinformers "github.com/bitnami-labs/sealed-secrets/pkg/client/informers/externalversions"
-	"github.com/bitnami-labs/sealed-secrets/pkg/log"
 )
 
 var (
@@ -145,18 +144,6 @@ func initKeyRenewal(ctx context.Context, registry *KeyRegistry, period, validFor
 func Main(f *Flags, version string) error {
 	registerMetrics(version)
 
-	// Set logging
-	logLevel := slog.Level(0)
-	(&logLevel).UnmarshalText([]byte(f.LogLevel))
-	opts := &slog.HandlerOptions{
-		Level: logLevel,
-	}
-	if f.LogInfoToStdout {
-		slog.SetDefault(slog.New(log.New(os.Stdout, os.Stderr, f.LogFormat, opts)))
-	} else {
-		slog.SetDefault(slog.New(log.New(os.Stderr, os.Stderr, f.LogFormat, opts)))
-	}
-
 	config, err := rest.InClusterConfig()
 	if err != nil {
 		return err
@@ -244,7 +231,7 @@ func Main(f *Flags, version string) error {
 				}
 				ctlr.oldGCBehavior = f.OldGCBehavior
 				ctlr.updateStatus = f.UpdateStatus
-				slog.Info("Starting informer for namespace", "namespace", ns)
+				slog.Info("Starting informer", "namespace", ns)
 				go ctlr.Run(stop)
 			}
 		}
diff --git a/pkg/controller/server.go b/pkg/controller/server.go
index 181a3fb401..488e884eb6 100644
--- a/pkg/controller/server.go
+++ b/pkg/controller/server.go
@@ -49,14 +49,14 @@ func httpserver(cp certProvider, sc secretChecker, sr secretRotator, burst int,
 	mux.Handle("/v1/verify", Instrument("/v1/verify", httpRateLimiter.RateLimit(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		content, err := io.ReadAll(r.Body)
 		if err != nil {
-			slog.Error("Error handling /v1/verify request: %v", err)
+			slog.Error("Error handling /v1/verify request", "error", err)
 			w.WriteHeader(http.StatusBadRequest)
 			return
 		}
 
 		valid, err := sc(content)
 		if err != nil {
-			slog.Error("Error validating secret: %v", err)
+			slog.Error("Error validating secret", "error", err)
 			w.WriteHeader(http.StatusInternalServerError)
 			return
 		}