diff --git a/.github/workflows/build-pipeline.yml b/.github/workflows/build-pipeline.yml
index c28f1a0e..62e6b393 100644
--- a/.github/workflows/build-pipeline.yml
+++ b/.github/workflows/build-pipeline.yml
@@ -243,6 +243,19 @@ jobs:
           pull: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
+          
+      - name: Deploy Harmony
+        env:
+            ENV: ${{ env.venue }}
+            CMR_USER: ${{ secrets.CMR_USER }}
+            CMR_PASS: ${{ secrets.CMR_PASS }}
+        if: |
+          github.ref == 'refs/heads/main'    ||
+          startsWith(github.ref, 'refs/heads/release')
+        working-directory: deployment
+        run: 
+          poetry run python harmony_deploy.py --tag ${{ env.software_version }} 
+
 # As of 2023/01/23 these steps below for scanning the Docker image with Snyk are failing. I've tried both the official Snyk
 # action https://github.com/snyk/actions/tree/master/docker and this method below of manually calling the CLI.
 # The error when using the official Snyk action is
diff --git a/deployment/harmony_deploy.py b/deployment/harmony_deploy.py
new file mode 100644
index 00000000..57e46f97
--- /dev/null
+++ b/deployment/harmony_deploy.py
@@ -0,0 +1,67 @@
+import os
+import requests
+import json
+import logging
+import argparse
+from requests.auth import HTTPBasicAuth
+
+# Environment variables
+ENV = os.getenv('ENV')
+CMR_USER = os.getenv('CMR_USER')
+CMR_PASS = os.getenv('CMR_PASS')
+
+def bearer_token() -> str:
+    tokens = []
+    headers = {'Accept': 'application/json'}
+    url = f"https://{'uat.' if ENV == 'uat' else ''}urs.earthdata.nasa.gov/api/users"
+
+    # First just try to get a token that already exists
+    try:
+        resp = requests.get(url + "/tokens", headers=headers, auth=HTTPBasicAuth(CMR_USER, CMR_PASS))
+        response_content = json.loads(resp.content)
+
+        for x in response_content:
+            tokens.append(x['access_token'])
+
+    except Exception:  # noqa E722
+        logging.warning("Error getting the token - check user name and password", exc_info=True)
+
+    # No tokens exist, try to create one
+    if not tokens:
+        try:
+            resp = requests.post(url + "/token", headers=headers, auth=HTTPBasicAuth(CMR_USER, CMR_PASS))
+            response_content = json.loads(resp.content)
+            tokens.append(response_content['access_token'])
+        except Exception:  # noqa E722
+            logging.warning("Error getting the token - check user name and password", exc_info=True)
+
+    # If still no token, then we can't do anything
+    if not tokens:
+        raise RuntimeError("Unable to get bearer token from EDL")
+
+    return next(iter(tokens))
+
+if __name__ == "__main__":
+
+    parser = argparse.ArgumentParser(description="Update the service image tag.")
+    parser.add_argument("--tag", help="The new tag version to update.", required=True)
+    args = parser.parse_args()
+
+    url = f"https://harmony.{'uat.' if ENV == 'uat' else ''}earthdata.nasa.gov/service-image-tag/podaac-l2-subsetter"
+    token = bearer_token()
+
+    headers = {
+        "Authorization": f"Bearer {token}",
+        "Content-type": "application/json"
+    }
+    data = {
+        "tag": args.tag
+    }
+
+    response = requests.put(url, headers=headers, json=data)
+
+    print(response.status_code)
+    try:
+        print(response.json())
+    except json.JSONDecodeError:
+        print("Response content is not in JSON format")