Mac OS X autoupdate in background for limited users

Dear all,

I am new to Mac OS X administration and also to Homebrew.
I am administering Mac OS X machines and I am trying to reduce manual administrative actions.
We made the choice to use Homebrew Cask to do it.
I created a daemon which launches a script regularly to update my brew apps.
It was working well until we deployed some apps requiring a password to be updated.

Apps with autoupdate set to true are not updating automatically and most of the time would require a password to update.
I then decided to use the parameter --greedy to force the update of this application via Homebrew in my script instead of being updated by the app updater itself.
I found this a bit crappy but it worked for Signal.

I am now stuck if an app requires a password with the brew cask upgrade command.
I cannot figure out how to solve this. I do not want to go on each Mac and type a password.

I should not be alone in wanting to do this.
Maybe I am going about it the wrong way.

Can someone tell me if my approach is the right one and give me a direction if not?

Any help would really be appreciated.

Thanks in advance

There’s no real way to fix this. Some apps just need admin access to update.

@SMillerDev
Thank you very much for your fast reply even if it was not the one I was expecting.
I cannot imagine there is no way to administer apps automatically and safely in Mac OS X.
Maybe there is a solution using another tool.

For Signal, for example, I think other administrators like me would have the ability to flag application by application as an autoupdate app or not. It would allow me not to have to use the parameter --greedy to update them without interacting with the app.

Has anyone already managed to do what I want by adding Ansible to the process?

Thanks in advance for any reply

All apps that only update with the --greedy flag are AFAIK apps that autoupdate. These would also ask the user for admin privileges once they restart in their “normal” scenario. I don’t think there’s much you can do here aside from letting your users update or using some way to input passwords in the sudo prompt.

Thanks SMillerDev,

I think I won’t be able to automate the full process in a safe manner.
I will then try to make my life easier using Ansible and launch the process from only one location instead of connecting remotely to each machine. I would have to plan it regularly to stay up-to-date.

Thanks again