Yes, you can. The DKIM signature is as follows:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=M1X/nttSCpN...ttSCpN=; b=SPso8U12ChySEQcnJcvm76...RAxjJFcBI=
During validation, the selector and domain (selector1 and example.com above, respectively) are used to determine the TXT record using the public key. This is done by merging them with _domainkey between:
selector1._domainkey.example.com
In your case, you can use 2 different selectors (for example, cloudapp1 and cloudapp2), then each private key can have its own unique DNS record. The corresponding DNS records look something like this:
cloudapp1._domainkey 3600 IN TXT "v=DKIM1; k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfl0chtL4siFYCrSPxw43fqc4zOo3N+Il220oK2Cp+NZw9Kuvg8iu2Ua3zfbUnZWvWK4aEeooliRd7SXIhKpXkgkwnAB3DGAQ6+/7UVXf9xOeupr1DqtNwKt/NngC7ZIZyNRPx1HWKleP13UXCD8macUEbbcBhthrnETKoCg8wOwIDAQAB" cloudapp2._domainkey 3600 IN TXT "v=DKIM1; k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfl0chtL4siFYCrSPxw43fqc4zOo3N+Il220oK2Cp+NZw9Kuvg8iu2Ua3zfbUnZWvWK4aEeooliRd7SXIhKpXkgkwnAB3DGAQ6+/7UVXf9xOeupr1DqtNwKt/NngC7ZIZyNRPx1HWKleP13UXCD8macUEbbcBhthrnETKoCg8wOwIDAQAB" = rsa; t = s; p = MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfl0chtL4siFYCrSPxw43fqc4zOo3N + Il220oK2Cp + NZw9Kuvg8iu2Ua3zfbUnZWvWK4aEeooliRd7SXIhKpXkgkwnAB3DGAQ6 + / 7UVXf9xOeupr1DqtNwKt / NngC7ZIZyNRPx1HWKleP13UXCD8macUEbbcBhthrnETKoCg8wOwIDAQAB" cloudapp1._domainkey 3600 IN TXT "v=DKIM1; k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfl0chtL4siFYCrSPxw43fqc4zOo3N+Il220oK2Cp+NZw9Kuvg8iu2Ua3zfbUnZWvWK4aEeooliRd7SXIhKpXkgkwnAB3DGAQ6+/7UVXf9xOeupr1DqtNwKt/NngC7ZIZyNRPx1HWKleP13UXCD8macUEbbcBhthrnETKoCg8wOwIDAQAB" cloudapp2._domainkey 3600 IN TXT "v=DKIM1; k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfl0chtL4siFYCrSPxw43fqc4zOo3N+Il220oK2Cp+NZw9Kuvg8iu2Ua3zfbUnZWvWK4aEeooliRd7SXIhKpXkgkwnAB3DGAQ6+/7UVXf9xOeupr1DqtNwKt/NngC7ZIZyNRPx1HWKleP13UXCD8macUEbbcBhthrnETKoCg8wOwIDAQAB"