How should Always Encrypted key providers handle errors?

[shueybubbles]

A column encryption key provider has to guard against a myriad of environmental problems and malicious attacks. If the encryption key path or the encrypted key returned from the database is invalid, the user's database may have been compromised or their application could have a code bug.