We have started working with the "Always Encrypted" (AE) feature of SQL Server, which allows data to be stored encrypted using a key set that can be retrieved via the client (.Net 4.6.1 and above) and thus permits the encryption to be "transparent" to the client application. This takes some doing, but is very clean once established.
The problem, from a LinqPad perspective, is that using a non-AE-aware connection to the DB sees all encrypted fields as bytearrays... actually, somewhat confusingly, they are byte arrays that are cast to their declared data type (e.g. "nchar(max)" or whatever). This causes any query on a table with an AE field to throw an exception.
The solution for LinqPad would be to prompt for the AE credential data (certificate, KeyVault details, etc.) so that it can set up the ADO.Net connection correctly. It'd be .Net 4.6 and Sql Server 2014(+) specific, but would prevent me from suffering with SSMS.