How to Stop Tracking appsettings.json in Visual Studio for Multi-Service Projects

Peter ImadePeter Imade
3 min read

When building .NET microservices (or any .NET solution), you’ll usually end up with multiple appsettings.json files—one for each service. These files often contain sensitive data like database connections, third-party API keys, and SMTP credentials.

If you're using Visual Studio and mistakenly pushed those files to GitHub, don't panic. In this post, I’ll walk you through how to stop tracking these files and make sure they stay out of your repo—for good.

❗️Why This Matters

Committing your appsettings.json to GitHub exposes sensitive credentials, especially in public repos. Even in private ones, it's a risky habit. These should never be tracked unless you're absolutely sure they contain no secrets.

Typical Mistake in Microservices Repos

When all your services are inside one solution like this:

/BookLendr
│
├── /UserService
│   └── appsettings.json
│
├── /NotificationService
│   └── appsettings.json
│
└── /EmailService
    └── appsettings.json

You might think ignoring appsettings.json in .gitignore will stop Git from tracking them. Nope—if they’ve already been committed before, .gitignore won’t do anything.

✅ Step-by-Step: Untrack appsettings.json in Visual Studio

1. Add to .gitignore

Go to the root of your solution (where your .gitignore lives) and add this line:

**/appsettings*.json

This tells Git to ignore any file named appsettings.json, appsettings.Development.json, appsettings.Production.json, etc., inside any folder.

In Visual Studio: Go to Solution Explorer → Show All Files, right-click .gitignoreOpen With → Select Source Code (Text) Editor

2. Untrack Files Already Committed

If you've already pushed those files before, Git will continue tracking them. You have to untrack them manually.

Still inside Visual Studio:

  • Open Terminal from View → Terminal or Ctrl+ (backtick).

  • Run the following commands for each tracked config file:

git rm --cached UserService/appsettings.json
git rm --cached NotificationService/appsettings.json
git rm --cached EmailService/appsettings.json

After that:

git commit -m "Remove appsettings.json files from Git tracking"
git push

3. Confirm They’re Gone from GitHub

Visit your GitHub repo. Refresh.

  • Go into each service folder.

  • The appsettings.json file should be gone.

  • But it should still exist on your local machine (don’t worry).

⚠️ Bonus Tip: Add a README Note

In your README.md, add a reminder for collaborators:

NOTE: appsettings.json files are excluded from version control. Make sure to create your own local versions or use environment variables.

Where Should Secrets Go?

Use better practices:

  • 🔐 Azure Key Vault — Best for production

  • 🧪 User Secrets — Great for local dev

  • 🌍 Environment Variables — Useful in CI/CD

You can also consider dotnet user-secrets for testing locally:

dotnet user-secrets init
dotnet user-secrets set "Jwt:Secret" "your-secret"

Summary

  • **/appsettings*.json in .gitignore

  • git rm --cached = remove from Git tracking

  • Push changes and protect your secrets

That’s it! Your secrets are now safe, and your project is clean.

0
Subscribe to my newsletter

Read articles from Peter Imade directly inside your inbox. Subscribe to the newsletter, and don't miss out.

C#dotnetMicroservices

Written by

Peter Imade
Peter Imade

Peter is a Technical writer who has specific interests in software and API documentation. He is also a back-end developer who loves to share his knowledge of programming concepts on his blog and for other publications.