When providing updates for your composer based Drupal site, Acquia s automation runs the composer update --validate command to check the validity of your composer.json file. 

If your composer.json file contains links to a private repository you will need to ensure that a token is included in your file to allow the Acquia RA Bot to acce this repository. Without this the composer update command will fail and we will be unable to provide you with an automated security update branch. 

If your site includes packages in a private repository in your composer.json file, you will need to generate a token in Github  (or GitLab) and add it to your composer.json file. This should be located underneath the repository information and require statement in your file. The configuration is like below:

For more details on creating a token(OAuth) on Bitbucket see here :

Bitbucket :

{
    "require": {
        "vendor/my-private-repo": "dev-master"
    },
    "repositories" : [
        {
            "type": "vcs",
    "url":  "[email protected]:vendor/my-private-repo.git"
        }
    ],
    "config": {
      "bitbucket-oauth": {
    "bitbucket.org": {
         "consumer-key": "myKey"
         "consumer-secret": "mySecret"
         }
       }
   }
}

For more details on creating a token on Github see here :  

Github:

{
    "require": {
        "vendor/my-private-repo": "dev-master"
    },
 
    "repositories" : [
        {
            "type": "vcs",
            "url" : "[email protected]:vendor/my-private-repo.git"
        }
    ],
    "config": {
      "github-oauth": {
        "github.com": "myTokenKey"
      }
    }
}

Note: Composer should have cloned it in cache, If you already used a private repository. If you like to install the same package with drivers, you need  to launch the following commands to update composer cache and install the package from dist.

composer clearcache 

and then

composer update