how to configure sudo to allow certain parameter

In particular I want to allow the following command without password:

sudo cfgutil --ecid "${Device_ECID}" install-application "${in_File_Name}"

With Device_ECID and in_File_Name changing from one call to the next. I found several examples but most about about the opposite: prohibition variable parameters entirely or allowing any parameters. ----- **Update:** Shortly after posting I found out about wildcards. The following works for me:

%_developer ALL=(root) NOPASSWD: /usr/local/bin/cfgutil list-devices
%_developer ALL=(root) NOPASSWD: /usr/local/bin/cfgutil --ecid * install-application *

However, from @marcus-müller answer I take it that this is only the case because there are no actual spaces in the filename. So I wonder is there is something else I'm still missing.