Passing environment variables to runners: encrypted?


I’m interested in passing environment variables to my gitlab runners. However, some of those variables may contain sensitive information. So, my questions:

  1. is this information stored encrypted on the gitlab server, or in plaintext?

  2. is this information transmitted to the runner encrypted, or in plaintext?

  3. if it’s encrypted, how are the keys managed, stored?

Thanks in advance,