How to programatically add secure_path in sudoers file
If you can live with replacing the
secure_path value instead of appending it, you can use a much easier solution. Usually sudo has a config directory like
/etc/sudoers.d where you can drop additional configuration files.
Just create a file there with your complete
Defaults secure_path="<default value>:/usr/local/bin"
This overwrites the value from the main config. If the path value is the same for all your machines this can easily be deployed with scripts or a package.
This has the additional advantage that you don't have to check and possibly merge config files when the sudo package is updated in the future.
assuming you know the line with secure_path exists, a simple sed command to do this
sed -i -e '/secure_path/ s[=.*[&:/usr/local/bin[' /etc/sudoers
or a bit more sophisticated (more syntax check on input) :
sed -i -r -e '/^\s*Defaults\s+secure_path/ s[=(.*)[=\1:/usr/local/bin[' /etc/sudoers