Yes, but credentials should either be long lived with (very) limited scope _or_ short lived with required scope.
For example, for AWS you can create long lived credentials for users which are scoped to only allow one operation, namely obtaining a short lived token (with the aid of a hardware token such as a Yubikey) with scope to perform other operations.
For example, for AWS you can create long lived credentials for users which are scoped to only allow one operation, namely obtaining a short lived token (with the aid of a hardware token such as a Yubikey) with scope to perform other operations.
AWS guide here: https://aws.amazon.com/blogs/security/enhance-programmatic-a...