Azure key vault’s soft-delete feature allows the recovery of the deleted vaults and objects (keys, secrets, certificates). When enabled, resources marked as deleted are retained for a specified period (default 90 days) and during this time the service provides mechanism for recovering the deleted object.
Soft delete is by default ON during Key Vault creation with default retention period of 90 days. The retention policy can be changed from 7 to 90 days through Azure portal during Azure Key Vault creation. The purge protection retention policy uses the same interval. Once set, the retention policy interval cannot be changed.
Purge protection is an optional feature of Azure Key Vault which is disabled by default. Purge protection can only be enabled once soft delete is enabled for the key vault. When purge protection is on, a vault or an object in the deleted state cannot be purged until the retention period has passed. Soft-deleted vaults and objects can still be recovered, ensuring that the retention policy will be followed.
Source:
How to use Key Vault soft-delete with PowerShell
How to use Key Vault soft-delete with CLI