$\newcommand{\EtM}{\mathit{EtM}}\newcommand{\concat}{\mathop{\Vert}}$Fix a secret-key message encryption scheme $E(k, n, m)$ and a secret-key message authentication code $M(k, n, m)$, which you combine using encrypt-then-MAC by $$\EtM(k_0, k_1, n, m) = E(k_0, n, m)\concat M(k_1, n, E(k_0, n, m)).$$ Is it safe to store $$n\concat\EtM(k_0, k_1, n, k_0'\concat k_1')\concat n'\concat\EtM(k_0', k_1', n', m)$$ for some long message $m$, so that you can swap out $k_0$ and $k_1$ without having to re-encrypt anything under the long-term keys $k_0'$ and $k_1'$?
Generally, yes—assuming all the keys are chosen independently uniformly at random, the security contracts of $E$, $M$, and encrypt-then-MAC are satisfied, provided you pick a different nonce $n$ each time (and unpredictably, if $E$ is AES-CBC).
You can also reduce the storage needed for keys from (say) a 512-bit concatenation of two 256-bit keys down to a single 256-bit key, by deriving $k_0$ and $k_1$ from some single swappable key $k$, and $k_0'$ and $k_1'$ from some single long-term key $k'$, using a key derivation function such as HKDF or the ‘SHAKE’ extendable output functions (‘XOFs’) of SHA-3 or similar.
Or you could just use NaCl crypto_secretbox_xsalsa20poly1305 or libsodium crypto_secretbox_xsalsa20poly1305 instead of cooking up your own authenticated-encryption out of a block cipher and HMAC. (AES-GCM may not be a good choice here because I infer from context that you probably don't have an easy way to pick $n$ sequentially, and the AES-GCM nonce is not large enough to pick safely at random.)
