diff --git a/charts/k8s-service/README.md b/charts/k8s-service/README.md
index c205d5c9..2301d5d5 100644
--- a/charts/k8s-service/README.md
+++ b/charts/k8s-service/README.md
@@ -1008,6 +1008,21 @@ applicationName: nginx
 The only difference here is the `tag` of the `containerImage`.
+If you wish to upgrade your `nginx` version to a specific `sha256:` image digest value (not image id), then you can do this by
+using the sha256 value instead of the tag label as shown below:
+
+```yaml
+containerImage:
+ repository: nginx
+ tag: sha256:15b5f7f28672bbbf26f058928b16ecb465843845fafe5ea9a06b05a590709150
+
+applicationName: nginx
+```
+
+This will deploy a specific image version, not a tag that could potentially float (like `latest`). This is very useful if doing
+promotion pipelines where you want the values SBOM (Software Bill Of Materials) to represent a specific image version, not
+a label that may no longer refer to the original image version.
+
 Next, we will upgrade our release using the updated values. To do so, we will use the `helm upgrade` command:
 ```bash
diff --git a/charts/k8s-service/templates/_deployment_spec.tpl b/charts/k8s-service/templates/_deployment_spec.tpl
index b3ffc046..c8273fc4 100644
--- a/charts/k8s-service/templates/_deployment_spec.tpl
+++ b/charts/k8s-service/templates/_deployment_spec.tpl
@@ -146,13 +146,21 @@ spec:
 - name: {{ .Values.applicationName }}-canary
 {{- $repo := required ".Values.canary.containerImage.repository is required" .Values.canary.containerImage.repository }}
 {{- $tag := required ".Values.canary.containerImage.tag is required" .Values.canary.containerImage.tag }}
+ {{- if eq (substr 0 7 $tag) "sha256:" }}
+ image: "{{ $repo }}@{{ $tag }}"
+ {{- else }}
 image: "{{ $repo }}:{{ $tag }}"
+ {{- end }}
 imagePullPolicy: {{ .Values.canary.containerImage.pullPolicy | default "IfNotPresent" }}
 {{- else }}
 - name: {{ .Values.applicationName }}
 {{- $repo := required ".Values.containerImage.repository is required" .Values.containerImage.repository }}
 {{- $tag := required ".Values.containerImage.tag is required" .Values.containerImage.tag }}
+ {{- if eq (substr 0 7 $tag) "sha256:" }}
+ image: "{{ $repo }}@{{ $tag }}"
+ {{- else }}
 image: "{{ $repo }}:{{ $tag }}"
+ {{- end }}
 imagePullPolicy: {{ .Values.containerImage.pullPolicy | default "IfNotPresent" }}
 {{- end }}
 {{- if .Values.containerCommand }}
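Review bot: Both added `substr 0 7 $tag` checks (canary and main container) pass `$tag` to a string-only function, so a values file with an unquoted numeric tag such as `tag: 1.21` will likely fail to render, where the old `{{ $repo }}:{{ $tag }}` line printed it; `{{- if hasPrefix "sha256:" (toString $tag) }}` avoids that. The test also accepts anything that merely starts with `sha256:`, so a truncated or mistyped digest is only caught at image pull time; a render-time check such as `regexMatch "^sha256:[a-f0-9]{64}$"` combined with `fail` would surface it earlier in a promotion pipeline. The same four lines appear twice, and a small named template taking the `containerImage` map would keep the two branches from drifting apart. The enclosing container spec starts and ends outside the hunk.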