Skip to main content
The Task Management plugin is available as a Docker image and serves as a dedicated microservice within the FlowX platform ecosystem.

Dependencies

Before setting up the plugin, ensure you have the following dependencies:
  • A MongoDB database for task storage
  • A connection to the RuntimeDB for operational data
  • Access to the database used by the FlowX Engine
  • Connection to the Kafka instance used by the FlowX Engine
  • A Redis instance for caching and performance optimization
While many configuration properties come pre-configured, several environment variables must be explicitly set for proper functionality.

Authorization configuration & access roles

The Task Management plugin validates incoming tokens with the JWT public key mechanism and authenticates to other FlowX services with a dedicated service account (the mainIdentity client registration) in the service-accounts realm:
Starting with 5.9.0, the Task Management plugin no longer connects to the identity provider for user lookup. Task operations resolve users through FlowX runtime authorization instead. The previously required view-users, query-users, and query-groups realm-management roles on the service account, the OPENID_PROVIDER / OPENID_ENTRA_* settings, and the openid: Helm values block are obsolete and can be removed from your deployment.
Upgrading from 5.1.x? Remove the legacy opaque-token env vars: SECURITY_OAUTH2_REALM, SECURITY_OAUTH2_CLIENT_CLIENTID, SECURITY_OAUTH2_CLIENT_CLIENTSECRET, and SECURITY_OAUTH2_SERVICEACCOUNT_ADMIN_*. These belong to the removed introspection model and prevent the service from starting on 5.9.x. See the authentication and IAM migration guide for the full list.
For more detailed information about configuring the service account:

Task Management Service Account

FlowX Engine datasource configuration

The service needs access to process instance data from the engine database. Configure these connection parameters:

MongoDB configuration

Configure access to the primary MongoDB instance:
Task Manager requires a runtime connection to function correctly. Starting the service without a configured and active runtime MongoDB connection is not supported.

Runtime MongoDB configuration

Task Manager requires a runtime connection to function correctly. Starting the service without a configured and active runtime MongoDB connection is not supported.
Enable the Runtime MongoDB connection:

Redis configuration

Task Management Plugin uses Redis for caching. Configure Redis connection using the standard Redis environment variables. Quick reference:
Both SPRING_DATA_REDIS_* and SPRING_REDIS_* variable prefixes are supported. The SPRING_DATA_REDIS_* prefix is the modern Spring Boot standard and is recommended for new deployments.
For advanced Redis deployment modes (Sentinel, Cluster) and SSL/TLS setup, see the Redis Configuration guide. Note that Sentinel and Cluster modes are only supported by the Events Gateway service.

Kafka configuration

Configure the Kafka integration using these environment variables:

Core Kafka settings

OAuth authentication (when using SASL_PLAINTEXT)

When using the kafka-auth profile, the security protocol will automatically be set to SASL_PLAINTEXT and the SASL mechanism will be set to OAUTHBEARER.

Topic naming configuration

Kafka topics

Process management topics

Scheduling topics

User management topics

Task operations topics

Events and integration topics

The Engine listens for messages on topics with specific naming patterns. Ensure you use the correct outgoing topic names when configuring the Task Management plugin to maintain proper communication with the engine.

CAS lib configuration

Logging configuration

Control logging verbosity with these environment variables:

Ingress and CORS

The Task Management plugin is exposed on both the admin and public hosts. Routing is configured through the FlowX Helm chart, which renders either a Kubernetes Ingress (default) or a Gateway API HTTPRoute per service. CORS handling lives in the service code; only the allowed-origins list is deployment-specific.

Service routes

Paths are set through services.task-management-plugin.ingress.admin.path / services.task-management-plugin.ingress.public.path (or the corresponding gateway.<key>.paths) in the chart values.

CORS configuration

Allowed methods, allowed headers (including Authorization, Content-Type, Fx-Workspace-Id), and credential handling are baked into the serviceโ€™s application.yaml with safe defaults. Override these only if you have a non-standard requirement. For the complete route reference, Gateway API HTTPRoute configuration, and route customization, see the ingress configuration guide.

Filtering feature

Scheduled jobs

Configure scheduled maintenance jobs:

Resource usage monitoring

The plugin includes a resource usage monitoring feature that can be configured:

Database migration

The Task Management plugin uses Mongock for MongoDB migrations:
Last modified on June 9, 2026