Yes, this is possible. you can create a new application to keep your data secure but this is also possible within the same application.
In that case, you can set the ACL of an API key to have access to a subset of indices for the public. This way, the search API key cannot access the private/internal indices. You can find some security best practices here.
Otherwise, Algolia Vault is an additional security feature that is only available as an add-on to your plan. If you are interested, please contact Support