This project provides a ready-to-use local development environment for the Qdrant vector database using Docker Compose.
Before you begin, ensure you have the following installed on your system:
- Docker Desktop (which includes Docker and Docker Compose).
Follow these steps to start the Qdrant service on your local machine.
In a directory you want to place this project, run: git clone https://github.com/ubc/tlef-qdrant
Navigate to the root of this project directory in your terminal and run the following command to start the Qdrant container in detached mode (it will run in the background):
docker-compose up -dYou can check the status of the running container with:
docker-compose psYou should see a service named qdrant-local-dev with a status of Up.
Once the service is running, you can access the Qdrant Web UI in your browser at:
http://localhost:6333/dashboard
This dashboard allows you to view collections, search points, and interact with your vector database.
The Qdrant service exposes two main ports on your local machine:
- Port
6333(HTTP): The REST API endpoint for all database operations. You will use this for making HTTP requests to create collections, add points, search, etc. The Web UI dashboard also runs on this port at/dashboard. - Port
6334(gRPC): A high-performance binary protocol used by the official Qdrant client libraries (e.g., for Python, TypeScript/JavaScript).
This service uses Qdrant's JWT RBAC feature to support multiple application-specific API keys with different permission scopes.
| Key | How stored | Access |
|---|---|---|
| Master key | api_key in docker-compose.yml config |
Full admin — all collections + management |
| App key: my-app-1 | Comment in docker-compose.yml |
All collections, read + write |
| App key: my-app-2 | Comment in docker-compose.yml |
my-app-2 collection only, read + write |
All keys are passed identically in the api-key header. The app keys are JWT tokens signed with the master key.
After changing the master key, regenerate the local dev app tokens:
export QDRANT_MASTER_KEY="super-secret-dev-key"
./scripts/generate-dev-keys.shPaste the output tokens into the comment block in docker-compose.yml, then restart the container.
To create a real, scoped app key for a named application (for use in Vault/Ansible):
./scripts/new-app-key.shThe script will prompt for the app name, master key (hidden input), and one or more collections with their access levels (r read-only or rw read-write). It confirms your input before generating, and copies the token to your clipboard if pbcopy is available.
# Using the master key
curl http://localhost:6333/collections \
--header 'api-key: super-secret-dev-key'
# Using an app key (JWT token)
curl http://localhost:6333/collections \
--header 'api-key: <paste token here>'
# No key — returns 401 Unauthorized
curl http://localhost:6333/collectionsThe test suite verifies that all keys work as expected and that collection-scoped restrictions are enforced:
export QDRANT_MASTER_KEY="super-secret-dev-key"
export QDRANT_APP_KEY_MY_APP_1="<app-1 token from generate-dev-keys.sh>"
export QDRANT_APP_KEY_MY_APP_2="<app-2 token from generate-dev-keys.sh>"
./scripts/test-keys.shThe script creates two temporary test collections (my-app-1 and my-app-2), runs 17 scenarios, then deletes them. Your existing collections are not affected.
The Qdrant dashboard (port 6333) lets you see collections and results after running the tests:
http://localhost:6333/dashboard
All data created in your Qdrant instance (collections, vectors, etc.) is stored in the ./qdrant_data directory within this project.
This means your data will persist even if you stop and restart the container. If you want to start with a fresh, empty database, you can stop the service and delete this directory.
Stopping the service and viewing logs:
To stop the Qdrant container without deleting your data, run:
docker-compose downTo view the real-time logs from the Qdrant service for debugging, run:
docker-compose logs -fPress Ctrl+C to stop viewing the logs.