As one of the most popular tools for automatic operation and maintenance in cloud platforms, Ansible usually stores a lot of administrator accounts information in a configuration file for batching executions. The configuration file is usually stored in the disk in plain text. However, it is not safe in the cloud because the confidentiality and integrity of configuration of Ansible depend on the security of the underlying software. Therefore, it is crucial to reinforce the security of configuration management mechanism of Ansible. In this paper, we implement a configuration management component for Ansible based on SGX (Software Guard eXtensions) proposed by Intel in recent years, which can manage the configuration information of Ansible in a trusted execution environment (TEE) independently. With this component, the configuration information cannot be read or written from outside and its security doesn't depend on the underlying software. The experiments show that our solution is more reliable, and the extra overhead is also acceptable. It is possible to extend our application to a general component for configuration protection in cloud platforms such as OpenStack.