diff --git a/tools/psa/README.md b/tools/psa/README.md
index 3ebf3d3da6..2376d1339d 100644
--- a/tools/psa/README.md
+++ b/tools/psa/README.md
@@ -34,16 +34,18 @@ Each implementation requires a set of autogenerated files describing the secure
 `release.py` is the script assigned with compiling the secure images:
 
 ```
-usage: release.py [-h] [-m MCU] [-d]
+usage: release.py [-h] [-m MCU] [-d] [--commit]
 
 optional arguments:
   -h, --help         show this help message and exit
   -m MCU, --mcu MCU  build for the given MCU
   -d, --debug        set build profile to debug
+  --commit           create a git commit for each platform
 ```
 
 * When `MCU ` is not specified, the script compiles all the images for all the targets.
 * When `-d/--debug` is not specified, the script compiles the images using the release profile.
+* When `--commit` is not specified, the script will not commit the images to git.
 
 This script should be run in following scenarios:
 
diff --git a/tools/psa/release.py b/tools/psa/release.py
index 987bd37ce2..fa9fda45fc 100644
--- a/tools/psa/release.py
+++ b/tools/psa/release.py
@@ -45,11 +45,15 @@ def get_mbed_official_psa_release():
     psa_targets_release_list = []
     psa_secure_targets = [t for t in TARGET_NAMES if Target.get_target(t).is_PSA_secure_target]
     for t in psa_secure_targets:
+        delivery_dir = os.path.join(ROOT, 'targets', TARGET_MAP[t].delivery_dir)
+        if not os.path.exists(delivery_dir):
+            raise Exception("{} does not have delivery_dir".format(TARGET_MAP[t].name))
         psa_targets_release_list.append(
             tuple(
                 [
                     TARGET_MAP[t].name,
-                    TARGET_MAP[t].default_toolchain
+                    TARGET_MAP[t].default_toolchain,
+                    delivery_dir,
                 ]
             )
         )
@@ -116,13 +120,35 @@ def build_tfm_platform(target, toolchain, profile='release'):
     ])
 
 
-def build_psa_platform(target, toolchain, debug=False):
+def commit_biannries(target, delivery_dir):
+    cmd = [
+        'git',
+        '-C', ROOT,
+        'add', os.path.relpath(delivery_dir, ROOT)
+    ]
+
+    subprocess.call(cmd)
+    commit_message = 'Update secure binaries for {}'.format(target)
+    cmd = [
+        'git',
+        '-C', ROOT,
+        'commit',
+        '-m', commit_message
+    ]
+
+    subprocess.call(cmd)
+
+
+def build_psa_platform(target, toolchain, delivery_dir, debug=False, git_commit=False):
     profile = 'debug' if debug else 'release'
     if _psa_backend(target) is 'TFM':
         build_tfm_platform(target, toolchain, profile)
     else:
         build_mbed_spm_platform(target, toolchain, profile)
 
+    if git_commit:
+        commit_biannries(target, delivery_dir)
+
 
 def get_parser():
     parser = ArgumentParser()
@@ -136,6 +162,11 @@ def get_parser():
                         action="store_true",
                         default=False)
 
+    parser.add_argument("--commit",
+                        help="create a git commit for each platform",
+                        action="store_true",
+                        default=False)
+
     return parser
 
 
@@ -161,8 +192,8 @@ def main():
     if options.mcu is not '*':
         target_filter_function = filter_target(options.mcu)
 
-    for target, toolchain in filter(target_filter_function, psa_platforms_list):
-        build_psa_platform(target, toolchain, options.debug)
+    for target, toolchain, delivery_dir in filter(target_filter_function, psa_platforms_list):
+        build_psa_platform(target, toolchain, delivery_dir, options.debug, options.commit)
 
 
 if __name__ == '__main__':