Okay, that’s the whole problem. 
This behavior is strange even if expected and will prevent me from upgrading from PS 8.0 (which currently works very well with the audit_log plugin) to PS 8.4 due to my tests of restoring encrypted data.
Beyond that, the logic of this functionality seems strange to me. I install the audit component to have audit logs and I install the keyring component to manage different encryption-related functionalities. There is a priori no link between the two, unless I explicitly state it. In this case, if we want to follow this logic, PS should also automatically create the innodb encryption keys, binlogs etc… as soon as we deploy the keyring component.
It would have been interesting to continue maintaining the old plugins while we had the new stable components.
The audit_log_filter component is very annoying and even unusable because of this problem and that of the format of the events returned which I have already reported here: [PS 8.4.4] Audit component doesn't work as expected