You need to provide more information about the technology stack.
In a nutshell, you would mix the responsibilities of the host, taking care for the gitlab runnner + credential store is not a good design practice. If the host goes down, you are loosing 2 essential services, instead of just one. Most likely you would have other consumers of the store. Also this is breaking the single responsibility principle.
I could tell you from own experience is that we use 'AWS Parameter store' for that ( H/A and detached service ). The secrets are consumed by a helm chart - https://github.com/cmattoon/aws-ssm and injected into the cluster as configurations. After that each interested party could use whatever it wants.
