You cannot encrypt with AES without the same key you need for decryption. Regardless of where you encrypt, that will be a vulnerability, as the encryptor needs the key in clear to do its job.
Have you considered Public Key encryption? The public key can be published to your client and used to encrypt the data, but the Private key is needed for decryption and that remains server-side at all times.
Public-key cryptography - Wikipedia
It doesn't matter then if the encrypting key is compromised - it's useless for decryption anyway.
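
The scheme this answer describes, as an added example that is not part of the original answer, using Node.js's built-in crypto module. It goes one step beyond the answer by using hybrid encryption: RSA-OAEP can only encrypt short inputs, so the public key wraps a fresh per-message AES-256-GCM key. All function names are illustrative.

```javascript
// Added example, not code from the original answer. Function names are illustrative.
const { generateKeyPairSync, publicEncrypt, privateDecrypt, randomBytes,
        createCipheriv, createDecipheriv, constants } = require('node:crypto');

const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Server: generate the pair once. Only publicKey is ever published to clients.
function makeServerKeys() {
  return generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Client: holds nothing but the public key.
function clientEncrypt(publicKey, plaintext) {
  const aesKey = randomBytes(32);   // fresh AES-256 key for this message only
  const iv = randomBytes(12);       // 96-bit GCM nonce
  const cipher = createCipheriv('aes-256-gcm', aesKey, iv);
  const data = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    wrappedKey: publicEncrypt({ key: publicKey, ...OAEP }, aesKey),
    iv, data, tag: cipher.getAuthTag(),
  };
}

// Server: the private key unwraps the AES key, then GCM authenticates and decrypts.
function serverDecrypt(privateKey, msg) {
  const aesKey = privateDecrypt({ key: privateKey, ...OAEP }, msg.wrappedKey);
  const decipher = createDecipheriv('aes-256-gcm', aesKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.data), decipher.final()]).toString('utf8');
}

// The answer's last point: someone holding only the public key cannot unwrap the AES key.
function publicKeyCanDecrypt(publicKey, msg) {
  try {
    privateDecrypt({ key: publicKey, ...OAEP }, msg.wrappedKey);
    return true;
  } catch {
    return false;
  }
}

// Constructed sample run.
const demoKeys = makeServerKeys();
const demoMsg = clientEncrypt(demoKeys.publicKey, 'account=12345 (constructed sample)');
console.log('server reads:', serverDecrypt(demoKeys.privateKey, demoMsg));
console.log('public key can decrypt:', publicKeyCanDecrypt(demoKeys.publicKey, demoMsg));
```

The client must receive the public key over an authenticated channel such as TLS; otherwise an attacker can substitute their own key and read what the client sends.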