debian: adopt new accountcredentials config structure

debian/etc-taler-exchange/taler/conf.d/exchange-business.conf

@@ -19,3 +19,15 @@ BASE_URL =
 # specification on Etags.
 # TERMS_ETAG =
 # PRIVACY_ETAG =
+
+
+# Bank accounts used by the exchange should be specified here:
+[exchange-accounts-1]
+
+enable_credit = yes
+enable_debit = yes
+payto_uri =
+
+# Credentials to access the account are in a separate
+# config file with restricted permissions.
+@inline-secret@ exchange-accountcredentials-1 ../exchange-accountcredentials.secret.conf

debian/etc-taler-exchange/taler/secrets/exchange-accountcredentials.secret.conf

@@ -0,0 +1,17 @@
+# This file contains the secret credentials
+# to access the Taler Wire Gateway API (usually
+# provided by LibEuFin) for the exchange accounts.
+#
+# Each exchange-account-* section should have a matching
+# exchange-accountcredentials-* section here.
+#
+# Each of those sections must be imported via @inline-secret@,
+# usually in conf.d/exchange-business.conf.
+
+[exchange-accountcredentials-1]
+
+wire_gateway_auth_method = basic
+password =
+username =
+wire_gateway_url =
+

debian/etc-taler-exchange/taler/secrets/exchange-accounts.secret.conf

@@ -1,21 +0,0 @@
-# This file should contain the wire account access information which is needed
-# by the Taler exchange to talk to LibEuFin to interact with the bank.
-# The file SHOULD only be readable for the "taler-exchange-wire" user,
-# as other users/services have no business talking to the bank.
-
-
-[exchange-account-1]
-enable_credit = yes
-
-enable_debit = yes
-
-wire_gateway_auth_method = basic
-
-password =
-
-username =
-
-wire_gateway_url =
-
-payto_uri =
-