Hardening guideline for Ansible itself

[Pawel]

Hi,

I'm looking for best practices describing how to harden Ansible installation itself. Unauthorized access to Ansible host can do a lot of harm to the organization especially if someone could get access to playbooks or keys used by Ansible. The question is how to protect Ansible installation and sensitive data repository. 

Thanks for any suggestions 

regards 

Pawel