diff --git a/nixos/tests/taler/common/nodes.nix b/nixos/tests/taler/common/nodes.nix
index fcfcb6d6648f..2b9a9ea6a878 100644
--- a/nixos/tests/taler/common/nodes.nix
+++ b/nixos/tests/taler/common/nodes.nix
@@ -55,7 +55,12 @@ rec {
             settings = {
               taler.CURRENCY = CURRENCY;
             };
-            includes = [ ../conf/taler-accounts.conf ];
+            includes = [
+              ../conf/taler-accounts.conf
+              # The exchange requires a token from the bank, so its credentials
+              # need to be set at runtime
+              "/etc/taler/secrets/exchange-account.secret.conf"
+            ];
             exchange = {
               enable = true;
               debug = true;
diff --git a/nixos/tests/taler/common/scripts.nix b/nixos/tests/taler/common/scripts.nix
index c074e9b03c6c..cad9935fc98a 100644
--- a/nixos/tests/taler/common/scripts.nix
+++ b/nixos/tests/taler/common/scripts.nix
@@ -83,6 +83,17 @@ in
           return json.loads(response)["access_token"]
 
 
+      # Basic auth is deprecated, so exchange credentials must be set at
+      # runtime because it requires a token from the bank.
+      def create_exchange_auth(token: str):
+          template = f"""
+          [exchange-accountcredentials-test]
+          WIRE_GATEWAY_URL = http://bank:8082/accounts/exchange/taler-wire-gateway/
+          WIRE_GATEWAY_AUTH_METHOD = BEARER
+          TOKEN = "{token}"
+          """
+          return "\n".join([line.strip() for line in template.splitlines()])
+
       def verify_balance(balanceWanted: str):
           """Compare Taler CLI wallet balance with expected amount"""
           balance = wallet_cli("balance --json")
diff --git a/nixos/tests/taler/conf/taler-accounts.conf b/nixos/tests/taler/conf/taler-accounts.conf
index 9246c25a83ad..8cfb482eb063 100644
--- a/nixos/tests/taler/conf/taler-accounts.conf
+++ b/nixos/tests/taler/conf/taler-accounts.conf
@@ -2,9 +2,3 @@
 PAYTO_URI = payto://x-taler-bank/bank:8082/exchange?receiver-name=Exchange
 ENABLE_DEBIT = YES
 ENABLE_CREDIT = YES
-
-[exchange-accountcredentials-test]
-WIRE_GATEWAY_URL = http://bank:8082/accounts/exchange/taler-wire-gateway/
-WIRE_GATEWAY_AUTH_METHOD = BASIC
-USERNAME = exchange
-PASSWORD = exchange
diff --git a/nixos/tests/taler/tests/basic.nix b/nixos/tests/taler/tests/basic.nix
index 83c9e90cffe5..4dc750adc45a 100644
--- a/nixos/tests/taler/tests/basic.nix
+++ b/nixos/tests/taler/tests/basic.nix
@@ -76,11 +76,17 @@ import ../../make-test-python.nix (
 
 
         exchange.start()
+
+        # exchange credentials must be set at runtime because it requires a token from the bank
+        exchange.succeed("mkdir -p /etc/taler/secrets/")
+        exchange.succeed("touch /etc/taler/secrets/exchange-account.secret.conf")
+
         exchange.wait_for_open_port(8081)
 
         # Create access token for exchange
         accessTokenExchange = create_token(exchange, "exchange", "exchange")
 
+        exchange.succeed(f'echo "{create_exchange_auth(accessTokenExchange)}" > /etc/taler/secrets/exchange-account.secret.conf')
 
         with subtest("Set up exchange"):
             exchange.wait_until_succeeds("taler-exchange-offline download sign upload")