As far as I spleunked, neither PacletSiteRegister nor PacletSiteUpdate accept Authentication or "Headers" options, which are required to access a private remote server. Furthermore, neither of them actually accept HTTPRequest instead of an url as first argument. A paclet server set up in a private GitHub repository requires the following code to access the PacletSite.mz file:

URLRead@HTTPRequest[
   "https://raw.githubusercontent.com/IstvanZachar/TestPrivate/main/PacletSite.mz",
   <|"Headers" -> {"Authorization" -> "token " <> myToken}|>]

Assuming that the user has access to the pre-set myToken (in this case, a Personal Authentication Token), this works. Howeverm, I have no way to pass on authentication details to PacletSiteRegister or PacletSiteUpdate. I understand that a private repo goes somewhat against the idea of a public paclet server, but due to legal considerations, I have to maintain privacy and only allow access to new paclets to colleagues that I share the authentication details with.

Is there a way to solve this issue robustly?

Is WRI planning on extending the PacletSite* functionality with all relevant options (i.e. those avaliable for URLSave or URLDownload)?