diff --git a/CHANGELOG.md b/CHANGELOG.md
index 13efe5d2b6eee410552c94f3f967d672775bd656..a9d6ea5f24c986304c2c5ed3e118bdb45e2d3761 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,15 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [6.4.0] - 2024-12-05
+
+### Changed
+
+- The release-it template is now added to the common pipeline and is gated on
+  there being a `.release-it.json` file present in the repository root. This
+  shouldn't affect any current users since this file needs to be present to use
+  release-it.
+
 ## [6.3.0] - 2024-12-05
 
 ### Added
diff --git a/auto-devops/common-pipeline.yml b/auto-devops/common-pipeline.yml
index f3b77ec8a983f86d996096b7524af2ef676f8c72..97e5e79904ca1036a2cb0ed27f7ad596903150f1 100644
--- a/auto-devops/common-pipeline.yml
+++ b/auto-devops/common-pipeline.yml
@@ -20,6 +20,7 @@ include:
   - local: "/auto-devops/mkdocs-docs.gitlab-ci.yml"
   - local: "/auto-devops/trigger-renovatebot.gitlab-ci.yml"
   - local: "/auto-devops/openapi-generator.gitlab-ci.yml"
+  - local: "/auto-devops/release-it.yml"
 
   # Fail-safe workflow rules. These can be overridden by CI configuration which includes us.
   - template: Workflows/Branch-Pipelines.gitlab-ci.yml
diff --git a/auto-devops/release-it.yml b/auto-devops/release-it.yml
index 98ecbf8bb217821d1651886216da3ab57cfd98fe..1c9b77af969e0232c7dcfafae979e39beb6c2851 100644
--- a/auto-devops/release-it.yml
+++ b/auto-devops/release-it.yml
@@ -1,9 +1,17 @@
 # release-it.yml enables automated release management using the release-it tool.
+#
+# This template is intended to be added to the common pipeline. As such no jobs are added unless specifically enabled by
+# the presence of a special file named ".release-it.json" in the root of the repository.
+#
+# Set the RELEASE_IT_DISABLED variable to disable release-it jobs if they are erroneously enabled.
+#
+# The USE_MERGE_REQUEST_RELEASE_FLOW variable is not namespaced. To avoid breaking existing users, this variable is left
+# as is.
 
 include:
   - local: /fragments/get-gcp-secrets.yml
 
-.release-base:
+.release-it:base:
   image:
     name: registry.gitlab.developers.cam.ac.uk/uis/devops/infra/dockerimages/release-it:latest
   variables:
@@ -40,24 +48,30 @@ include:
   tags:
     - $GKE_RUNNER_TAG
 
-update-release-merge-request:
-  extends: .release-base
+release-it:update-release-merge-request:
+  extends: .release-it:base
   stage: development
   script: /opt/devops/update-merge-request.sh
   needs: []
   rules:
+    - if: $RELEASE_IT_DISABLED
+      when: never
     # This job should only run if this variable is not null.
     - if: $USE_MERGE_REQUEST_RELEASE_FLOW == null
       when: never
     # This is the main rule to run this job if we're using the merge request workflow and the pipeline is running on
     # either the default branch or a branch named "release/fix-...".
     - if: ($CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /^release\/fix-.*$/i) && $CI_COMMIT_MESSAGE !~ /chore\(release\)/
+      exists:
+        - .release-it.json
 
-release:
-  extends: .release-base
+release-it:release:
+  extends: .release-it:base
   stage: production
   script: /opt/devops/release.sh
   rules:
+    - if: $RELEASE_IT_DISABLED
+      when: never
     # This rule stops the job running if it is a new or rebased branch ($CI_COMMIT_BEFORE_SHA ==
     # "0000000000000000000000000000000000000000") or if the pipeline was manually triggered via the web UI but only if
     # we're using the merge request workflow.
@@ -66,6 +80,8 @@ release:
     # When using the merge request workflow, this release job should only trigger for pipelines on the default branch or
     # branches starting "release/fix-" and only if the automated release bot commit was merged as the most recent commit.
     - if: ($CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /^release\/fix-.*$/i) && $USE_MERGE_REQUEST_RELEASE_FLOW && $CI_COMMIT_MESSAGE =~ /chore\(release\)/
+      exists:
+        - .release-it.json
     # If we're using the merge request workflow but all previous rules have not matched then we do not run the
     # release job.
     - if: $USE_MERGE_REQUEST_RELEASE_FLOW
@@ -74,3 +90,5 @@ release:
     # default branch or a branch starting "release/fix-". Note that we don't run the job if the last commit was the release
     # commit by the bot account otherwise we'll get stuck in an infinite loop.
     - if: ($CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /^release\/fix-.*$/i) && $CI_COMMIT_MESSAGE !~ /chore\(release\)/
+      exists:
+        - .release-it.json