diff --git a/src/cml.js b/src/cml.js
index b303942d8..a8a4ac9c3 100755
--- a/src/cml.js
+++ b/src/cml.js
@@ -408,7 +408,13 @@ class CML {
   }
 
   async startRunner(opts = {}) {
-    return await this.getDriver().startRunner(opts);
+    const env = {};
+    const sensitive =
+      ['CML_RUNNER_SENSITIVE_ENV'] +
+      process.env.CML_RUNNER_SENSITIVE_ENV.split(':');
+    for (const variable in process.env)
+      if (!sensitive.includes(variable)) env[variable] = process.env[variable];
+    return await this.getDriver().startRunner({ ...opts, env });
   }
 
   async registerRunner(opts = {}) {
diff --git a/src/drivers/bitbucket_cloud.js b/src/drivers/bitbucket_cloud.js
index 0c6a668dd..b626f467b 100644
--- a/src/drivers/bitbucket_cloud.js
+++ b/src/drivers/bitbucket_cloud.js
@@ -124,7 +124,7 @@ class BitbucketCloud {
 
   async startRunner(opts) {
     const { projectPath } = this;
-    const { workdir, name, labels } = opts;
+    const { workdir, name, labels, env } = opts;
 
     winston.warn(
       `Bitbucket runner is working under /tmp folder and not under ${workdir} as expected`
@@ -155,7 +155,7 @@ class BitbucketCloud {
       ${gpu ? '--runtime=nvidia -e NVIDIA_VISIBLE_DEVICES=all' : ''} \
       docker-public.packages.atlassian.com/sox/atlassian/bitbucket-pipelines-runner:1`;
 
-      return spawn(command, { shell: true });
+      return spawn(command, { shell: true, env });
     } catch (err) {
       throw new Error(`Failed preparing runner: ${err.message}`);
     }
diff --git a/src/drivers/github.js b/src/drivers/github.js
index e95173dcf..ee6bc6191 100644
--- a/src/drivers/github.js
+++ b/src/drivers/github.js
@@ -249,7 +249,7 @@ class Github {
   }
 
   async startRunner(opts) {
-    const { workdir, single, name, labels } = opts;
+    const { workdir, single, name, labels, env } = opts;
 
     try {
       const runnerCfg = resolve(workdir, '.runner');
@@ -285,7 +285,7 @@ class Github {
 
       return spawn(resolve(workdir, 'run.sh'), {
         shell: true,
-        env: {}
+        env
       });
     } catch (err) {
       throw new Error(`Failed preparing GitHub runner: ${err.message}`);
diff --git a/src/drivers/gitlab.js b/src/drivers/gitlab.js
index ebb594a20..ed5975958 100644
--- a/src/drivers/gitlab.js
+++ b/src/drivers/gitlab.js
@@ -176,7 +176,8 @@ class Gitlab {
       single,
       labels,
       name,
-      dockerVolumes = []
+      dockerVolumes = [],
+      env
     } = opts;
 
     const gpu = await gpuPresent();
@@ -210,7 +211,7 @@ class Gitlab {
         ${dockerVolumesTpl} \
         ${single ? '--max-builds 1' : ''}`;
 
-      return spawn(command, { shell: true, env: {} });
+      return spawn(command, { shell: true, env });
     } catch (err) {
       if (err.message === 'Forbidden')
         err.message +=