Using a Bitbucket private repository in your projects

minompi profile image AlessandroMinoccheri ・1 min read

Many times you may like to use your personal private library in another project.
For example, you may have many private projects that share a common library that can't be open source for your business.
You can use Packagist and pay to have a private repository or you can use Bitbucket with its FREE private repositories.

To include your private Bitbucket repository via Composer you need to add this lines into your composer.json:

         "type": "vcs",
         "url" : "git@bitbucket.org:yourName/yourRepository.git"

VCS stands for version control system. This includes versioning systems like git, svn, fossil or hg.
Composer has a repository type for installing packages from these systems.

If you launch

composer install

now, you have to put a Consumer key into your CLI (command line interface).

This isn't a problem but if you have continuous integration, or your deploy system launches composer install the command, you must have an automatic system able to insert the consumer key or some magic script to manage it.

So, to avoid this problem you need to open your main repository, from Bitbucket for example, create an ssh key and copy the public key.

Generate SSH Key

After that you need to open your private library from Bitbucket, add an access ssh key and paste the public key created previously.

Add SSH Key

Now if you launch

composer install

any request comes up into your CLI and you can have a perfect automatic deployment.


markdown guide

I've done all of this, without success.

Could not find a matching version of package Vendor/Package. Check the package spelling, your version constraint and that the package is available in a stability which matches your minimum-stability (dev).

For me it is also unclear, how colleagues can use the same credentials to have a read only checkout (for local builds)


Well, is not a problem of same credentials but permission of the repository.
If you want you can show me your composer.json file and we can check the problem together

    "name": "Common",
    "description": "Common package",
    "license": "proprietary",
    "authors": [
            "name": "Marcel",
            "email": "marcel@domain.com"
        "type": "vcs",
         "url" : "git@bitbucket.org:Company/library.git"
    "minimum-stability": "dev",
    "require": {
        "php": ">=7.1",
        "company/library": "dev-master"
    "autoload-dev": {
        "psr-4": {
            "Company\\Common\\": "src/",
            "Tests\\": "tests/"

Ok, seems good the composer file, it could be a problem of permission into the repository with the access key.
Another thing to try is to tag your company/library with a simple version like 1.0.0

We did tag it with 1.0.0 and with v1.0.0 (I read various tips about tags have to start with a 'v')

It is unclear with what asccess key composer is looking at the repository :-(

I have my own public key installed on bitbucket ofcourse, but also had an extra that was for read only, as for CI stuff, which this softof is.
But, still... no luck

Into your company/library you need to go to Bitbucket->AccessKeys and add the key of the repository that will include this library, you need to have access to this repository

And where do I find the key of the repository that will include the library?
(or: how do I set it?)

To find the key you need to go into your repository where you want to add yopur library into bitbucket , and generate access keys as the example into my blog post

In your example, I see "pipelines". So still no easy step by step.
Should I put it into a pipeline?
(I've tried that, but it gives me a page where I have to decide on stuff like docker, gradle,maven etc., which doesn't say anything in "adding a ssl key")

No you need to take the public key of your main repository generated by bitbucket into ssh keys under settings. Copy the public key and open into bitbucket the repository of the library that you want to add. Go under access keys, add a new key and paste the public key copied before

ok, so I click on settings on my project (not the library).
There I only see SSH keys on a part of a menu called 'PIPELINES'.

I see 'Acces keys' under part of a menu called 'Repository Details'
(but this is what I used to generate the ssl keys in the library, and you kind of convinced me, it should not be here)

So, still stuck :-(

Ok, as I said before, I need to choose from a couple of options, but doesn't ring any bells.

Docker, Java (Gradle), Java (Maven), JavaScript, PHP, Python, many more in a pulldown. What is the most logical option to select (it is unlcear here, if I choose something, if it can be unchoosen grrr....)

perhaps PHP because we do php development? (but strange: why does bitbucket need to know what program language I use. I use composer to check out. but... still, so much unclearness.

I'm very glad you try to help me btw. Let's have a weekend and see where it leads me.

That is the section (under pipelines) where you can generate your key to add into your library repository on bitbucket to give permission to get the library with composer

Ok, I finally had the time>
I choose Pipelines > SHH keys
I then choose PHP (unclear what this option does, but wth)
Then I had to choose a yaml configuration (which was good, it said)
Then it generated and downloaded a lot of crap. (unclear what it was doing)

After that it was finished, I could click on pipelines > SSH keys again, showing me a page where I could generate keys, of use my own, or I could put in a know host. I clinked on use my own, then it wants a private key, which I find strange, because... it shoudl be private.

Stuck again.


Hello - I've used vcs repo's and they are pulled properly without entering credentials. When updating composer.json though, they are not updated.

Reading ./composer.lock
Resolving dependencies through SAT
Looking at all rules.

Dependency resolution completed in 0.001 seconds
Analyzed 127 packages to resolve dependencies
Analyzed 203 rules to resolve dependencies
Nothing to install or update

I do have

"require": {
"myBitbucketUsername/advanced-custom-fields-pro": "5.8",

And in Bitbucket the latest tag on master is v5.8.3.

Any ideas? Been struggling with this one for a while.