diff --git a/pkg/inspect/public_key.go b/pkg/inspect/public_key.go
index 532b348..6aa1301 100644
--- a/pkg/inspect/public_key.go
+++ b/pkg/inspect/public_key.go
@@ -6,6 +6,7 @@ import (
 	"crypto/x509"
 	"encoding/binary"
 	"errors"
+	"strconv"
 	"strings"
 )
 
@@ -125,6 +126,16 @@ func (f Fingerprint) String() string {
 	return FormatHexBytes([]byte(f))
 }
 
+// MarshalJSON returns a quoted hex string.
+func (f Fingerprint) MarshalJSON() ([]byte, error) {
+	return strconv.AppendQuote(nil, FormatHexBytes([]byte(f))), nil
+}
+
+// MarshalYAML returns a hex string.
+func (f Fingerprint) MarshalYAML() (any, error) {
+	return FormatHexBytes([]byte(f)), nil
+}
+
 const hexDig = "0123456789ABCDEF"
 
 // FormatHexBytes returns a nicely-formatted hex string that is easy to read/compare.
diff --git a/pkg/inspect/tls.go b/pkg/inspect/tls.go
index 1257322..a48ca23 100644
--- a/pkg/inspect/tls.go
+++ b/pkg/inspect/tls.go
@@ -3,6 +3,7 @@ package inspect
 import (
 	"crypto/tls"
 	"fmt"
+	"strconv"
 )
 
 // ConnectionState returns a set of information about a TLS ConnectionState.
@@ -47,6 +48,16 @@ func (ts TLSSecurity) String() string {
 	return "???"
 }
 
+// MarshalJSON returns a quoted string.
+func (ts TLSSecurity) MarshalJSON() ([]byte, error) {
+	return strconv.AppendQuote(nil, ts.String()), nil
+}
+
+// MarshalYAML returns a string.
+func (ts TLSSecurity) MarshalYAML() (any, error) {
+	return ts.String(), nil
+}
+
 // TLSConnectionState holds structured information about a negotiated TLS
 // connection. It does not include the peer's certificate information.
 type TLSConnectionState struct {