A boring story to illustrate the point:
Just a few weeks ago, I had an extended power outage, and was running my modem, router and laptop charger on an inverter of my own design. The inverter is of the "modified sine" type, plus current limiting, with filtered outputs (enough filtering just to take the edge off and allow the current limiting to work -- the mains waveform is still very chunky). Well, the filter inductors buzz, or maybe it's the capacitors, but it doesn't really matter. What's important is they buzz louder under load.
So, say I'm flipping through a static web page: there's a big rush of power consumption as the page loads, then a little here or there as the CPU renders more of the page. Say I'm flipping through an infinite-scrolling web page: the CPU is constantly pulling in more content, formatting and rendering it. Every scroll causes a buzz, louder and longer, and more sporadic (as content is loaded piecemeal), than the other example.
You'd need a keylogger or other kind of trojan to trap keystrokes and convert them to moderate CPU usage, but this is absolutely a fine way to exfiltrate small amounts of data.
Keep in mind that comparable data flows are responsible for all the Spectre, Meltdown, etc. vulnerabilities. A malicious program might execute millions or billions of loops, extracting mere bytes or kB in the process; but that's all that's necessary to snoop around suspected user or kernel data structures, and locate and exfiltrate keys.
Time doesn't really matter, if the system and attack are persistent. A few kB key is easily read out over several days at some bits/second. Well, heck, hours even at that. Doesn't matter if it requires patience. A good attacker has that. What matters is whether it's possible at all.
Now, noteworthy that my example is air-gapped in one respect: it's battery powered, so a lot of that information is lost by merely discharging the battery an incremental amount. If it were on a float charger at the same time, the load fluctuations will pass through it, into the mains; that would be a mistake. However, if I designed a random cycling charger (which responds only very gradually, to keep up average charge level), that would again not only destroy the signal, but allow it to be masked as well.
Or actually, just swapping two batteries would be the better idea. It would still be difficult to separate load current from charge current, and thus the information leakage would merely be conditional on the charger being active. It becomes merely an intermittent channel. Swapping batteries ensures that load and charge currents are wholly separate.
And not that I have any particular need or expectation of such levels of secrecy; this is not at all intended as part of a proper air-gapped system, just a coincidental example, a part among many others that is necessary to ensure proper isolation of such systems.
Tim