There's lots you can do, but up to you what is an appropriate level of risk.
Using vault to encrypt all credentials for connecting to your hosts and not
storing your vault password on disk would help.
You could keep your ansible configuration in source control and build a new
ansible
Hello Experts,
I am using ansible to configure my windows servers with powershell
playbooks. Ansible servers communicates with the endpoints using WinRM
Connections.
I fear that if in any case the ansible server gets compromised the attacker
can modify the playbooks and execute the malicious