I generally have service accounts specific for testing with significant restrictions. Hardware keys present their own complications for non-human ops, so they don't really belong there.

More just seeking bounds of possibilities, thanks for your replies.