For added security, Veracode highly recommends to use the Credentials Binding plugin to store Veracode API credentials. Jenkins binds the credentials to environment variables that appear in scripts instead of the actual credentials.

Enter the environment variable reference to bind your Veracode API key. If you are using an environment variable, delete the quotes around the value for vkey in the pipeline script.